Companion Notes

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T
20697-1D
Implementing and Managing Windows 10
Companion Content
ii Implementing and Managing Windows 10
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2018 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at https://www.microsoft.com/en-
us/legal/intellectualproperty/Trademarks/Usage/General.aspx are trademarks of the Microsoft group of companies. All
other trademarks are property of their respective owners
Product Number: 20697-1D
Released: 03/2018
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.
i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a
, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
a. If you are a Microsoft IT Academy Program Member:

i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-
Led Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.
b. If you are a Microsoft Learning Competency Member:

User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft Instructor-
Led Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
c. If you are a MPN Member:
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
d. If you are an End User:

For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.

i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
ii. You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
“ refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the
other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
modify or create a derivative work of any Licensed Content,
publicly display, or make the Licensed Content available for others to access or use,
copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
work around any technical limitations in the Licensed Content, or
reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
11. APPLICABLE LAW.

a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to

anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres
dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne:
tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité
stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si
votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires
ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre
égard.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.
Revised July 2013

Overview of Windows 10 1-1
Module 1
Overview of Windows 10
Contents:
Lesson 1: Introducing Windows 10 2
Lesson 2: Navigating the Windows 10 user interface 4
Module Review and Takeaways 7
Lab Review Questions and Answers 8

1-2 Implementing and Managing Windows 10
Lesson 1
Introducing Windows 10
Contents:
Question and Answers 3
Resources 3
Question and Answers

Question: What are the benefits to small and medium-sized organizations of using Windows 10? (Choose
all that apply)
( ) Windows 10 is easy to use.
( ) Windows 10 is provided with continuous updates.
( ) Microsoft provides Windows 10 as a free upgrade for Windows 7 Enterprise users.
( ) Windows 10 provides improved device management.
Answer:
(√) Windows 10 is easy to use.
(√) Windows 10 is provided with continuous updates.
( ) Microsoft provides Windows 10 as a free upgrade for Windows 7 Enterprise users.
(√) Windows 10 provides improved device management.
Feedback: Windows 10 is easy to use and provides continuous updates, and Microsoft does offer
it as a free Windows 10 upgrade for Windows 7 Pro users.
Discussion: Is your organization ready for Windows 10?

Question: Has your organization started deploying Windows 10, or are you considering it?
Answer: Answers will vary based on the organizational situations and experiences of students.
Question: What Windows client version does your organization deploy currently?
Discussion: Will your organization embrace the BYOD philosophy?

Question: Does your organization allow users to connect their own devices to the corporate network?
Question: If you answered yes to the previous question, with what types of devices do users connect most
commonly?
Question: Do you think the Windows 10 features for management and integration of users’ own devices
within the corporate workspace will make it easier for organizations to support BYOD?
Resources
What’s new in Windows 10 Fall Creators Update?
Additional Reading: For more information, refer to:
• “What’s new for IT pros in the Windows 10 Creators Update” at: https://aka.ms/Uplspi
• “What’s new for IT pros in Windows 10, version 1709” at: https://aka.ms/Nri1fn
Lesson 2
Navigating the Windows 10 user interface
Contents:
Demonstration: Navigating the Windows 10 user interface 5
Demonstration: Customizing the Windows 10 Start screen 6

Question: When you sign in to Windows 10 on a touch device, Windows 10 runs in Tablet mode only.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: Windows 10 runs in Tablet mode by default, but you can switch it manually to
Desktop mode.
Demonstration: Navigating the Windows 10 user interface

Demonstration Steps
Sign in
1. Switch to LON-CL2, and then click the Lock screen.
2. Click Other user.
3. In the User name box, type Beth.
4. In the Password box, type Pa55w.rd, and then press Enter.
Open action center

1. On the taskbar, click Action Center.
Note: If the tiles at the bottom of action center do not display, close and open Action
Center again.
2. Click Tablet mode.
3. Click Start to close action center.
View installed apps

1. In Start, click All apps. (The All apps icon is the second from the top on the left side of the screen).
2. In the All apps list, click Calculator.
3. Click Start.
4. Click All apps, and then click Alarms & Clock.
Switch between running apps

1. On the taskbar, click Task View. Both running apps should display.
2. Click Action Center.
3. Click Tablet mode.
4. In Alarms & Clock, click Restore Down.
5. Drag Alarms & Clock to the right side of the display, and then release it.
6. Click Calculator. Both apps should display, side by side.

Add a new desktop

1. On the taskbar, click Task View.
2. On the right side of the display, click New desktop.
3. Click Desktop 2.
4. Click Start, scroll down, and then click Word 2016.
5. On the taskbar, click Task View. Both desktops should display, side by side.
6. Close Desktop 2.
Sign out
• Close all apps, and right-click Start, point to Shut down or sign out, and then click Sign out.
Demonstration: Customizing the Windows 10 Start screen

Demonstration Steps
Sign in
1. Switch to LON-CL2, and then click the Lock screen.
2. Click Other user.
3. In the User name box, type Beth.
4. In the Password box, type Pa55w.rd, and then press Enter.
Configure Start
1. In Start, right-click Word 2016, and then click Pin to Start.
2. Right-click PowerPoint 2016, and then click Pin to Start.
3. Right-click Excel 2016, and then click Pin to Start.
4. Right-click Camera, and then click Pin to Start.
5. Click the space immediately above the four tiles.
6. A text box appears. Type Microsoft Office, and then press Enter.
7. Right-click Camera, and then click Unpin from Start.
8. Click and hold the Microsoft Office group, and then drag it to the top of the display above the
default groups. Release it.
Configure the taskbar

• Click Start, and right-click Calculator, click More, and then click Pin to taskbar.
Module Review and Takeaways

Review Questions
Question: What are some of the more significant issues that an organization faces when it allows users to
bring their own devices to the workplace and connect to the corporate network?
Answer: Most personal devices that users have will remain unmanaged, meaning they may not
adhere to corporate standards in terms of apps, security and update settings, and other criteria.
This can present security and management challenges.
Question: What is the purpose of Client Hyper-V in Windows 10?
Answer: Client Hyper-V enables you to create discrete operating-system environments within
Windows 10 that can support legacy or specialist apps that might not work correctly in Windows
10 natively. For example, these apps might require earlier Windows versions.
Lab Review Questions and Answers

Lab: Navigating and customizing the user interface

Question: In the lab, you configured the user’s desktop and Start settings. In your workplace, do you
typically let users configure these settings?
Answer: Answers will vary depending upon workplace policies. Typically, many organizations
prefer to configure standard desktop settings.
Question: In the lab, you removed the Calculator app from the Microsoft Office group. Is this the same as
uninstalling the app?
Answer: No. Removing the tile from a group merely removes the app’s shortcut from the group.
This is similar to deleting a desktop shortcut in earlier Windows versions. To remove the app, you
must choose explicitly to Uninstall the app.
Installing Windows 10 2-1
Module 2
Installing Windows 10
Contents:
Lesson 1: Installing Windows 10 2
Lesson 2: Upgrading to Windows 10 6

Lesson 1
Installing Windows 10
Contents:
Demonstration: Installing Windows 10 4

Question: Which Windows ADK tool do you use to create provisioning packages?
( ) User State Migration Toolkit
( ) Windows PE
( ) Deployment Image Servicing and Management
( ) Windows Configuration Designer
( ) Windows System Image Manager
Answer:
( ) User State Migration Toolkit
( ) Windows PE
( ) Deployment Image Servicing and Management
(√) Windows Configuration Designer
( ) Windows System Image Manager
Feedback: Windows Configuration Designer is the Windows ADK tool you use to create
provisioning packages.
Question: You want to secure your laptop by enabling BitLocker. Which editions of Windows 10 include
BitLocker?
( ) Windows 10 Home
( ) Windows 10 Pro
( ) Windows 10 Enterprise
( ) Windows 10 Education
Answer:
( ) Windows 10 Home
(√) Windows 10 Pro
(√) Windows 10 Enterprise
(√) Windows 10 Education
Feedback: Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education include

BitLocker.
Discussion: Selecting a Windows 10 Edition

Question: Which edition of Windows 10 would you recommend for purchase by Contoso
Pharmaceuticals for supervision of its production lines?
Answer: Windows 10 Enterprise Long-Term Servicing Channel (LTSC), because the production
line software requires a stable operating system that does not receive new features.
Question: Which edition of Windows 10 is the most suitable for the hospital employees doing surveys?
Answer: Windows 10 Mobile or Windows 10 Mobile Enterprise running on a phone or tablet,

because these devices are lightweight and employees can use them without a keyboard.
Question: Which edition of Windows 10 would you recommend that Contoso Pharmaceuticals use?
Answer: Windows 10 Enterprise, because you can use AppLocker to limit users to running only
authorized apps.
Demonstration: Installing Windows 10

Demonstration Steps
Mount the Windows 10 DVD

1. Start Hyper-V Manager, if it is not already running.
2. In the Virtual Machines pane, right-click 20697-1D-LON-CL5, and then click Settings.
3. In the hardware pane, click DVD drive.
4. In the DVD drive pane, click Image file, and then click Browse.
5. In the Open window, locate the .iso file. It should be located at D:\Program Files\Microsoft
Learning\20697-1\Drives\ Win10_1709_Eval.iso.
6. Click Open.
7. In the Settings window, click OK.
Start the 20697-1D-LON-CL5 VM

1. Double-click the 20697-1D-LON-CL5 virtual machine (VM).
2. Click the Start icon to start the 20697-1D-LON-CL5 VM.
Install Windows 10
1. On the first page of the Windows setup program, make sure that the settings are:
a. Language to install: English (United States)
b. Time and currency format: English (United States)
c. Keyboard or input method: US
2. Click Next.
3. On the second page of the Windows Setup Wizard, click Install now.
4. On the Applicable notices and license terms page, select the check box I accept the license terms.
5. Click Next.
6. On the Which Type Of Installation Do You Want page, click Custom: Install Windows only
(advanced).
7. On the Where do you want to install Windows page, ensure that Drive 0 Unallocated space is
selected. Click Next. The install begins. It will take a few minutes to complete.
8. On the Let’s start with region. Is this right? page, click Yes.
9. On the Is this the right keyboard layout? page, click Yes.
10. On the Want to add a second keyboard layout? page, click Skip.
11. On the Let’s connect you to a network page, click Skip for now.
12. On the Who’s going to use this PC? page, in the Username box, type LocalAdmin, and then click
Next.
13. On the Create a super memorable password and Confirm your password pages, in the Password
box, type Pa55w.rd, and then click Next.
14. On the Add a hint for your password page, in the Password hint box, type A good password, and
then click Next.
15. On the Make Cortana your personal assistant? page, click Yes.
16. On the Choose privacy settings for your device page, click Accept.
Revert virtual machines

When you finish the demonstration, revert the virtual machine to its initial state. To do this, complete the
following steps:
1. On the host computer, open Hyper-V Manager.
2. In the Virtual Machines list, right-click 20697-1D-LON-CL5, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Lesson 2
Upgrading to Windows 10
Contents:

Question: Migration is the preferred method of upgrading to Windows 10.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: Performing an in-place upgrade is the preferred method of upgrading to Windows

10.
Question: You need to migrate user state after an in-place upgrade.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: All applications, user settings, and files are available after an in-place upgrade.
Discussion: Common Upgrade and Migration Scenarios

Question: What is the best upgrade method for the 100 workstations running Windows 7 at Contoso
Pharmaceuticals?
Answer: Side-by-side migration
Feedback: Side-by-side migration is the most suitable method because Contoso Pharmaceuticals
wants a more standardized environment. Therefore, it is better to start with the same baseline on
all computers.
Question: What is the best upgrade method for the 25 computers at Litware, Inc.?
Answer: In-place upgrade
Feedback: In-place upgrade is the preferred upgrade method in Windows 10 and this scenario
does not require a different method. This is a straightforward upgrade from supported operating
systems.
Question: What is the best upgrade method for the 5,000 client computers at A. Datum?
Answer: In-place upgrade
Feedback: In-place upgrade is the preferred upgrade method in Windows 10 and this scenario
does not require a different method.
Question: What is the best upgrade method for the 50 users who are getting new computers at Contoso
Pharmaceuticals?
Answer: Wipe-and-load migration
Feedback: Wipe-and-load migration is the best method for the users receiving new computers
with Windows 10. This method will take all the settings and files from the old computers and
migrate them to the new computers. The only issue is that the new computers will require
installation of all applications.

Review Questions
Question: Your organization wants to deploy Windows 10 and wants to be able to join the computers to
Microsoft Azure Active Directory. Which edition(s) of Windows 10 will you be able to use?
Answer: Windows 10 S, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Question: You have a few computers running Windows Vista. What is a supported method of upgrading
the computers to Windows 10?
Answer: First, upgrade to Windows 7 Service Pack 1 (SP1), and then upgrade to Windows 10.
Alternatively, capture user settings, do a clean install of Windows 10, install applications, and then
restore user settings.
Tools
The following table lists the tools that this module references.
Tool Use to Where to find it
Windows ADK Assess and deploy Windows Microsoft Download Center
Upgrade Analytics Check application compatibility Microsoft Operations

for Windows 10 Management Suite
Windows SIM Create and edit answer files Windows ADK
USMT Migrate user settings Windows ADK
DISM Service Windows image files Windows ADK
Volume Activation Manage volume Windows Windows ADK

Management Tool activation
Windows Configuration Manage images and provisioning Windows ADK

Designer packages

Lab: Installing Windows 10

Question: What is the preferred method of upgrading to Windows 10: in-place upgrade or migration?
Answer: Starting with Windows 10, the preferred method of upgrading to Windows is an in-
place upgrade. Previously, the preferred method was migration.
Question: Which tools from Microsoft can help you automate the deployment of Windows 10?
Answer: The Windows Assessment and Deployment Kit (Windows ADK) contains the Windows
System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM),
and Imaging and Configuration Designer to help you with building answer files and images. The
Microsoft Deployment Toolkit (MDT) can help to automate the deployment itself. User State
Migration Tool (USMT) will help to migrate user settings, if you do a migration instead of an in-
place upgrade.
Configuring Your Device 3-1
Module 3
Configuring Your Device
Contents:
Lesson 1: Overview of tools you can use to configure Windows 10 2
Lesson 2: Common configuration options 9
Lesson 3: Managing user accounts 13
Lesson 4: Using OneDrive 17

Lesson 1
Overview of tools you can use to configure Windows
10
Contents:
Resources 5
Demonstration: Configuring a device 5
Demonstration: Using GPOs to configure devices 7

Categorize Activity
Question: Categorize each item below into the appropriate category. Indicate your answer by writing the
category number to the right of each item.
Items
1 Learn what the Get-Process cmdlet does.
2 Scripts can run, but must be signed by a trusted publisher.
3 Shows whether a service is running or stopped.
4 Find out all the cmdlets you can use with the Get verb.
5 Removes all restrictions on running scripts.
6 Shows status of all services.
7 Find examples of various cmdlets.
8 Locally created scripts can run.
9 Retrieve a list of services.
Category 1 Category 2 Category 3
Get-Help Set-ExecutionPolicy Get-Service
Answer:
Get-Help Set-ExecutionPolicy Get-Service
Learn what the Get- Scripts can run, but must be Shows whether a service is
Process cmdlet does. signed by a trusted running or stopped.
Find out all the cmdlets publisher. Shows status of all services.
you can use with the Removes all restrictions on Retrieve a list of services.
Get verb. running scripts.
Find examples of various Locally created scripts can
cmdlets. run.
Question: Categorize each item below into the appropriate category. Indicate your answer by writing the
Items
1 Set the main display for the computer
2 Query IP address
3 Enable a policy setting for all computers in an organizational unit (OU)
4 Check for updates
5 Test the secure channel to the domain
6 Map a drive letter for all users in the domain
7 Add a Microsoft account
8 Add parameters to filter a returned list
9 Add an interactive logon message
Settings app Windows PowerShell GPO
Answer:
Settings app Windows PowerShell GPO
Set the main display for Query IP address Enable a policy setting for all
the computer Test the secure channel to computers in an
Check for updates the domain organizational unit (OU)
Add a Microsoft account Add parameters to filter a Map a drive letter for all
returned list users in the domain
Add an interactive logon
message
Resources
Using Windows PowerShell
Additional Reading: To learn more about the Microsoft Script Center, see “Microsoft Script
Center” at http://aka.ms/ipge1q.
Demonstration: Configuring a device

Demonstration Steps
Explore and use the Settings app
1. On LON-CL1, click the Start menu, and then click the Settings item. Maximize the Settings page.
2. On the Settings page, click the System item.
3. In the console tree, ensure that the Display item is selected, and then in the details pane, in the
Resolution box, click the down arrow, and then select 1280 X 800.
4. In the Keep these display settings window, click Keep changes.
5. In the navigation pane, click Home. This returns you to the main Settings page.
6. On the Settings page, click Devices.
7. In the navigation pane, click AutoPlay.
8. To turn off AutoPlay, in the content pane, click Use AutoPlay for all media and devices.
9. Review the other Settings items, and explain what they do. When you are finished, close all open
windows.
Explore and use Control Panel

1. On the taskbar, in the Type here to search box, type Control Panel, and then press Enter.
2. Spend just a few moments going over some of the items in Control Panel, because most Control
Panel functionality has not changed. If you have time, try to find the equivalent items in the Settings
app, or ask the students if they can find them.
3. Close Control Panel.
Open and use Windows PowerShell

1. On the taskbar, in the Type here to search box, type PowerShell, and then select Windows
PowerShell.
2. At the Windows PowerShell command prompt, type Get-Command, and then press Enter.
3. Tell the class about the History cmdlet. Explain how to access it by pressing the Up arrow, and
explain how the Tab key can help to finish long cmdlets.
4. Press the Up arrow, and then after Get-Command, type one space, type –Listi, and then press Tab.
The parameter should change to –ListImported. Press Enter. Review the reduced return set with the
class.
5. At the Windows PowerShell command prompt, type Get-Help New-Item, and then press Enter. If a
message is returned that says “Do you want to run Update-Help?”, type N, and then press Enter.
Note: Note the Remarks section of the reply, and then explain how you would use the –
Online parameter to get the additional content.
6. At the Windows PowerShell command prompt, type ipconfig.exe /all, and then press Enter.
7. At the Windows PowerShell command prompt, type Get-NetIPAddress, and then press Enter. Note
the similarities and differences between the two outputs that are returned.
8. Close Windows PowerShell.
Use the Windows PowerShell ISE

1. Click Start, and then on the Start menu, scroll down to the Windows PowerShell folder.
2. Right-click the third item in the returned list: Windows PowerShell ISE, and then click More > Run
as Administrator.
3. If the User Account Control dialog box opens, click Yes.
4. In the Windows PowerShell ISE, at the Windows PowerShell command prompt, type Get-
ExecutionPolicy, and then press Enter. Confirm that the current execution policy is Unrestricted.
5. If it is Restricted, at the Windows PowerShell command prompt, type Set-ExecutionPolicy –

Unrestricted, and then press Enter.
6. To select Yes to All [A], type A, and then press Enter.
Open and review a script

1. In the Windows PowerShell ISE, click File, and then click Open.
2. In the Open window, browse to E:\Labfiles\Mod03, click Services.ps1, and then click Open.
3. Read the script, and then explain what the script does.
Note:
o Comments are green.
o Variables are red.
o Cmdlets are bright blue.
o Text in quotation marks is dark red.
For accessibility information, see “Accessibility in Windows PowerShell ISE” at

https://docs.microsoft.com/en-us/powershell/scripting/setup/accessibility-in-windows-
powershell-ise.
Modify and test a script

1. Select line 3 in the script, and then press F8 to run the selection.
2. Read the output in the console pane, and then notice that the line from the script appears in the
console pane.
3. In the console pane, type $services, and then press Enter.
4. Read the output in the console pane. Notice that a list of services displays.
5. Press F5 to run the script.
6. Read the output, and then notice that it does not have multiple colors.
7. At the end of line 14, type a space, and then type –ForegroundColor $color.
9. In the Windows PowerShell ISE dialog box, select the In the future, do not show this message
check box, and then click OK.
10. Read the output, and then notice that running services are green, whereas services that are not
running are red.
11. On line 16, type Write-Host "A total of" $services.count "services were evaluated".
13. In the Commands pane, in the Name box, type Write-Host, and then click Write-Host.
14. In the BackgroundColor box, type Gray.
15. In the ForegroundColor box, type Black.
16. In the Object box, type "Script execution is complete".
17. Click Copy, and then paste onto line 17 of the script.
19. Press Ctrl+S to save the script.
20. Close all open windows.
Run a script from the Windows PowerShell command prompt

1. On the taskbar, in the Type here to search box, type PowerShell, and then select Windows
PowerShell.
2. At the Windows PowerShell command prompt, type Set-Location E:\Labfiles\Mod03, and then
press Enter.
3. Type .\Services.ps1, and then press Enter.
4. Close the command prompt.
Demonstration: Using GPOs to configure devices

Demonstration Steps
Explore the Group Policy Editor on the local Windows 10 computer

1. On LON-CL1, on the taskbar, in the Type here to search box, type gpedit.msc, and then press Enter.
2. Maximize the console window. Explain that most of the formatting and functionality of Local
Computer Policy in the Group Policy Editor has not changed. Spend a few moments exploring the
various console tree items and what appears in the details pane.
3. Close the Local Group Policy Editor console.
Configure and test a domain GPO that alters the Windows 10 display settings
1. On LON-DC1, in Server Manager, in the Tools box, select Group Policy Management.
2. Expand the Group Policy window, and then from the console tree, expand Forest: Adatum.com,
expand Domains, expand Adatum.com, and then select the Group Policy Objects node.
3. Right-click the Group Policy Objects node, and then select New.
4. In the New GPO dialog box, in the Name box, type Win10 Display, and then click OK.
5. In the details pane, right-click Win10 Display, and then select Edit. The Group Policy Management
Editor opens.
6. Maximize the console.
7. In the console tree, under Computer Configuration, expand Policies, expand Windows Settings,
expand Security Settings, expand Local Policies, and then select Security Options. In the details
pane, scroll down, and then double-click Interactive Logon: Message title for users attempting to
log on.
8. In the Interactive Logon: Message title for users attempting to log on dialog box, select the
Define this policy setting check box. In the box, type Attention!, and then click OK.
9. In the details pane, double-click Interactive Logon: Message text for users attempting to log on.
Note: This setting is just above the Interactive Logon: Message title for users
attempting to log on item from step 7.
10. In the Interactive Logon: Message text for users attempting to log on dialog box, select the
Define this policy setting in the template check box. In the box, type This computer belongs to
Adatum Corporation, and then click OK.
11. Close the Group Policy Management Editor.
12. In the Group Policy Management console, in the console tree, right-click the Adatum.com item,
and then click Link an Existing GPO.
13. In the Select GPO window, select the Win10 Display item, and then click OK.
14. Close the Group Policy Management console.
15. Return to LON-CL1. On the taskbar, in the Type here to search box, type cmd, and then press Enter.
16. At the command prompt, type gpupdate /force, and then press Enter. After the update reports
success, close the command prompt.
17. Click the Start icon, and then on the Start menu, click Administrator at the top, and then click Sign
out.
18. In the Virtual Machine Connection window, click Ctrl+Alt+Delete. The message "Attention! This
computer belongs to Adatum Corporation" appears. Click OK, and then sign in as
Adatum\Administrator with the password Pa55w.rd.
Note: The message will be displayed when users sign in to LON-CL1 for the rest of the
demonstrations in this module.
Lesson 2
Common configuration options
Contents:
Demonstration: Configuring Display Options 10
Demonstration: Configuring power options 11

Question: Which default power plan offers the greatest savings of electrical power?
( ) High Performance
( ) Balanced
( ) Power Saver
( ) Economy
( ) Lightning Speed
Answer:
( ) High Performance
( ) Balanced
(√) Power Saver
( ) Economy
( ) Lightning Speed
Feedback: The power saver option conserves the most power, because its settings turn off or
hibernate the device in the shortest amount of time.
Question: There are several ways to make configuration changes to a Windows 10-based computer.
Which method allows you to make changes the most quickly?
( ) GPO
( ) Settings app
( ) Control Panel
( ) Windows PowerShell
( ) Preference
Answer:
( ) GPO
(√) Settings app
( ) Control Panel
( ) Windows PowerShell
( ) Preference
Feedback: The Settings app is the quickest way to make configuration changes. However,
Control Panel allows for deeper-level changes that might not be available in the Settings app.
Demonstration: Configuring Display Options

Demonstration Steps
1. On LON-CL1, click the Start menu, and then click the Settings item. If necessary, maximize the
Settings page.
2. On the Settings page, click the System item.

3. In the console tree, ensure that the Display item is selected, and then in the details pane, scroll down
to the available items and explain their functions. Remind the students that different devices will have
different settings.
4. Note the Change the size of text, apps, and other items list. Select the item with 125%.
5. Note that the "Some apps won't respond to scaling changes until you sign out" message appears.
Click Sign out now.
6. Sign in again as Adatum\Administrator with the password Pa55w.rd.
Note: If a dialog box opens that says "Attention! This computer belongs to the Adatum
Corporation", click OK.
7. Right-click the empty desktop, and then click Display settings. Maximize the Settings window.
8. In the Resolution box, click the down arrow, select 1366 X 768, and then click Apply.
9. In the Keep these display settings window, click Keep changes.
10. To return to the main Settings page, click Home.
11. Click the Personalization category icon.
12. Spend a few minutes going over the various items. Go through the various console tree items:
Background, Colors, Lock screen, and Themes. In the console tree, click the Themes category.
13. In the console tree, go to Start, and then explain the items there.
14. Close all open windows, and then sign out.
Demonstration: Configuring power options

Demonstration Steps
1. On LON-CL4, on the taskbar, in the Type here to search box, type Power, and then in the returned
list, under Settings, click Power & sleep settings.
Note: If Power & sleep settings does not appear under Settings, you can find it under
Best match.
On the Power and Sleep page, note that the only available option in the Screen section says When
plugged in, turn off after and that under this is a list that includes different time periods. 10 minutes is
the default for this list. Tell the class that the various hyperlinks in the console tree might differ,
depending on the type of device for which you are configuring settings. For example, laptops will have
additional options for the lid and battery.
2. Click the Additional power settings hyperlink.
Note: In Control Panel, on the Power Options page, in the Choose or customize a power
plan section, discuss the two plans shown in the details pane: Balanced and Power saver. Note
that Balanced is the installed default.
3. On the Show additional plans line, click the down arrow to reveal the High performance plan.
Discuss the Change plan settings hyperlink beside each plan.
4. In the console tree, click the Create a power plan hyperlink.

Note: In the lower part of the page, all three default plans appear with the Plan name box.
Explain that a new plan always has the settings from one of the three plans as its foundation.
Emphasize that the students should know the details of the three plans before creating a custom
plan, because those details might include the settings that you want to configure.
5. In the Plan name box, type Demo Plan. Accept the selected plan above it, and then click Next.
6. Use the back arrow in the upper left to go back and change the selected default plan. Look closely at
each plan, starting with Balanced, to show the differences among them. Look at Power Saver and
then at High performance. Finish on the Change settings for the plan page of the High
performance default plan.
7. In the Turn off the display box, select Never (if already set to Never, change to 5 hours), and then
click Create.
8. Note that on the Power Options page, Demo Plan is now selected.
9. Click Change plan settings next to Demo Plan.
10. In the Change settings for the plan: Demo Plan window, select Change advanced power settings.
11. In the Power Options window, explain what the various options do.
12. Expand the Wireless Adapter Settings item, expand the Power Saving Mode item, click the
Maximum Performance box, and then change it to Medium Power Saving. Click OK.
13. On the Change settings for the plan: Demo Plan page, set the Turn off the display setting to 4
hours, and then click Save changes.
15. Revert 20697-1D-LON-CL4.

Lesson 3
Managing user accounts
Contents:
Demonstration: Create and connect a Microsoft account 15

Question: What type of account can become a Microsoft account?
( ) Xbox Live
( ) Hotmail
( ) Windows Live ID
( ) Microsoft Passport
( ) All of the above
Answer:
( ) Xbox Live
( ) Hotmail
( ) Windows Live ID
( ) Microsoft Passport
(√) All of the above
Feedback: You already have a Microsoft account if you sign in to services such as OneDrive, Xbox
Live, Outlook.com, Hotmail, or Windows Phone. This also applies to the legacy Windows Live ID
and Microsoft Passport sign-ins.
Discussion: When to Use a Microsoft account

Question: When would you use a domain account?
Answer: In general, most organizations, whether business, nonprofit, or government, will use an
AD DS domain. Therefore, you would use a domain account in these scenarios. A domain account
provides for secure authentication and managed access to all of the organization’s resources.
Question: Under what circumstances would you not be able to use a domain account on a Windows 10
device?
Answer: Windows 10 offers so many account choices, choosing the right one may be confusing.
However, despite the popularity of the BYOD method, you may not be able to give users’ own
devices a domain account. Therefore, you would not be able to sign in as a domain user.
Question: What is the benefit of using a Microsoft account?
Answer: When you connect a Microsoft account with your local or domain account, you can
access Microsoft cloud services such as Microsoft OneDrive, Mail, Calendar, People, and other
personal apps. You can browse the Microsoft Store even if you do not have a Microsoft account,
but to download and install a Microsoft Store app, you must sign up for a Microsoft account.
Question: The staff at a military base has a special computer that they use to encrypt orders. They want
to install Windows 10 on it. Due to security issues, it cannot be on a network. What kind of account should
you use?
Answer: You should use a local account in this case.
Question: Contoso, Ltd. has a vigorous Office 365 and Azure cloud-service presence. They have tied in
their on-premises AD DS infrastructure with Azure AD. What might Contoso do to ensure that users do
not must sign in to Windows 10 on one account, and then into Office 365 and Azure on another?
Answer: If the AD DS account is associated with a synchronized Azure AD account, then

Windows 10 can use Azure AD to authenticate the user for sign-in.
Demonstration: Create and connect a Microsoft account

Demonstration Steps
1. On LON-CL1, on the Start menu, click Settings.
2. In Settings, click Accounts.
3. In the console tree, select Other people, and then click the Add someone else to this PC plus sign.
4. In the How will this person sign in? window, click I don’t have this person’s sign-in information.
5. In the Microsoft account window, click Get a new email address.
6. Create a Microsoft account with the following values, and then click Next:
o New email: Your first name + Last name's first letter (for example, KariT) + 20697-1D
Note: This should return a check mark with the statement "Your first name + Last
name's first letter20697-1D@outlook.com is available". If it does not, go back and add the
second letter of your last name to the email address (for example, KariTr). You might need
to continue to add letters until you reach a name that is unique.
Note: If you select a country or region other than the United States, the birth date
boxes do not appear. This is expected behavior, and you do not need to enter a birth date in
this scenario.
o Password: Pa55w.rd123
o Country/region: your country or region
o Birth month: January
o Birth day: 1
o Year: 1990
o Add security info, Phone number: 888-555-1212 or a number of your choice.
Note: The telephone number will not receive a call or text through this account. This is not
important for the purposes of this lab. It matters only that the pattern fit your country’s or
region’s telephone system.
7. In the See what’s most relevant to you window, click Next.
8. If the Help us verify your identity page appears, type your mobile phone number, and then click
Send code. When you receive the code, type it in the Enter the access code box, and then click
Next.
10. Sign in as LON-CL1\Admin with the password Pa55w.rd.
11. Click the Start menu, click Admin, click Your first name + Last name's first letter20697-
1D@outlook.com, type the password Pa55w.rd123, and then press Enter.
Note: It will take a few minutes to create your profile.
12. On the Use Windows Hello instead of your password page, click Skip this step.
13. If the Get your files here, there, everywhere page appears, click Next.

Lesson 4
Using OneDrive
Contents:
Resources 18
Demonstration: Synchronizing settings with OneDrive 18

Question: You can synchronize files individually in OneDrive subfolders.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can synchronize files only in the root of OneDrive, or an entire subfolder’s
contents.
Resources
What is OneDrive?
Additional Reading: To read more about OneDrive, refer to “One Drive” at

http://aka.ms/lv5n2s.
Demonstration: Synchronizing settings with OneDrive

Demonstration Steps
1. On LON-CL2, on the Start menu, select the Settings app.
2. Click Accounts, and then in the console tree, select Other people, and then click the Add someone
else to this PC plus sign.
3. On the How will this person sign in? page, in the Email or phone box, type Your first name + Last
name's first letter20697-1D@outlook.com, and then click Next.
4. On the Good to go page, click Finish.
5. Close the Settings app, and then on the Start menu, click the Admin section, and then click Your first
name + Last name's first letter20697-1D@outlook.com.
6. In the Password text box, type Pa55w.rd123, and then press Enter.
7. Note that it takes a few minutes to build the profile.
8. If the Use Windows Hello instead of your password page appears, click Skip this step.
9. If the Get your files here, there and everywhere page appears, click Yes.
10. On the taskbar, click the File Explorer icon, and then select the OneDrive node.
Note: If a OneDrive wizard opens, the following steps are necessary:
A. On the This is your OneDrive folder page, click Next.
B. On the Sync files from your OneDrive page, click Next.
C. Close the Your OneDrive is ready for you page.
It might take a few minutes before the OneDrive node appears for the first time.
11. In the console tree of File Explorer, under OneDrive, select the Documents folder, right-click the
empty space in the details pane, select New, Text document, type I was here.txt in the name box,
and then press Enter.
12. Double-click the I was here.txt document, and then when Notepad opens, type I was here on LON-
CL2. Press Ctrl+S, and then close Notepad.
13. Return to LON-CL1. On the taskbar, click the File Explorer icon, and then select the OneDrive node.
Note: If the Set up OneDrive page appears, perform the following steps:
A. On the Set up OneDrive page, in the Email box, type Your first name + Last name's first
letter20697-1D@outlook.com, and then click Sign in.
B. On the Enter password page, in the Password box, type Pa55w.rd123, and then click Sign in.
C. On the This is your OneDrive page, click Next.
D. On the Sync files from your OneDrive page, click Next.
E. On the Office 365 Personal with Premium OneDrive features page, click Not now.
F. On the Welcome to OneDrive page, click the right arrow three times.
G. On the You’re all set! page, click Open my OneDrive folder.
14. In the OneDrive node, open the Documents folder. After a few minutes, the I was here.txt
document should appear (it might take up to five minutes).
15. When the I was here.txt document appears, double-click it.
16. In the Notepad window, directly under the I was here on LON-CL2 line, type Now I’m here on
LON-CL1, and then press Enter.
17. Press Ctrl+S, and then close Notepad. Make a note of the date and time of the I was here.txt file.
18. Return to LON-CL2 and if File Explorer is not still open, click the File Explorer icon on the taskbar,
and then select the OneDrive node. In the OneDrive node, select the Documents folder.
19. Make a note of the date and time of the I was here.txt document. When it changes to the date and
time you noted from LON-CL1, double-click the file (it might take up to five minutes to change).
Note: You should now see two lines in Notepad, as follows:

I was here on LON-CL2
Now I’m here on LON-CL1
20. On the taskbar, in the notification area, click the Show hidden icons icon, right-click the OneDrive
icon, and then click Settings.
21. Click the Settings tab.
22. On the Settings tab, in the Files On-Demand section, select the Save space and download files as
you use them check box, and then click OK.
23. In File Explorer, in the navigation pane, click OneDrive.
24. Note the Status column indicating the availability status for each file and folder.
25. Close all open windows, and then sign out of all virtual machines.

Review Questions
Question: What happens to a Windows 10 tablet device when you remove the magnetically attached
keyboard?
Answer: Windows 10 has a feature called Continuum that senses when you remove a tablet’s
keyboard or remove the tablet from a docking station. When this happens, Continuum puts the
device into tablet mode, which changes the Start menu back to a Start screen. The Continuum
feature maintains the desktop and ensures that the taskbar is accessible in Tablet mode, and you
can scroll the Start screen tiles across the desktop, just as you did with the Start screen tiles in
Windows 8.
Question: What is the difference between a child and adult family member Windows 10 account?
Answer: You can add a child account to your family to increase a child’s safety online. Adults in
the family can view reports of the child’s online activity, limit how long and when they use their
devices, and help ensure that they do not access inappropriate websites, apps, or games. You can
manage family settings online at account.microsoft.com/family, and changes will be applied to
any Windows 10 device to which the child signs in.
Question: What is the main benefit of using AD DS GPOs to provide settings for Windows 10-based
computers?
Answer: AD DS GPOs provide centralized management of computer settings, and allow domain
security enforcement and user and computer enhancements without having to visit each
machine to configure them. You can manage almost everything by using a GPO.
Tools
The following table lists the tools that this module references.
Tool Used to Where to find it
Settings app Configure almost any Windows In the Start menu. This tool is a part
10 setting of the Windows 10 operating
system.
Action Center Quickly provide broad changes to In the notification area on the
the Windows 10 device, such as taskbar in the Notifications icon.
putting the device in Airplane or This tool is a part of the Windows
Tablet mode or connecting to a 10 operating system.
Miracast capable device.
Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip
Cannot add or apply a Microsoft account. You cannot add or apply a Microsoft account in a
Clicking Sign in with a Microsoft account domain if you are signed in as a domain
instead results in an error. administrator. You must sign out as Administrator and
sign in as a standard user to use a Microsoft account.
Cannot sync an offline file in OneDrive. Windows 10 has removed the placeholders file
concept in OneDrive. More information will be
provided after the final release. When you right-click
a OneDrive folder in File Explorer, you can select
Choose OneDrive folders to sync. This causes the
Sync your OneDrive files to this PC page to open,
so that you can select which folders to synchronize.
Files in OneDrive no longer show offline or online
status.

Lab A: Configuring Windows 10

Question: What was the purpose of building the Write-Host cmdlet in the Commands window in
Windows PowerShell ISE?
Answer: The Commands window will list the parameters available for a given cmdlet and allow
you to create a complex cmdlet to insert into the script.
Question: You set a Computer Configuration Preference to disable the EFS service on LON-CL1. Could
a user start that service on the targeted computer?
Answer: Yes. Preferences are not enforced. Users can change them if they have the necessary
permissions and rights on a computer.
Lab B: Synchronizing settings with OneDrive

Question: Microsoft accounts can also get a free email address. In what domain is the address registered?
Answer: Outlook.com
Question: How do you synchronize new folders in Windows 10 OneDrive File Explorer node?
Answer: You must select the Choose OneDrive folders to sync menu option and the Sync all
files and folders in my OneDrive check box. Within a few minutes, the folder or file should
appear in the OneDrive node in File Explorer on other devices. However, because you can clear
this check box, and you have selectively set only some folders to synchronize, you would must
select the check box beside the new folder’s name in the Choose OneDrive folders to sync
menu option.
Configuring Network Connectivity 4-1
Module 4
Configuring Network Connectivity
Contents:
Lesson 1: Configuring IP Network Connectivity 2
Lesson 2: Implementing Name Resolution 6
Lesson 3: Implementing Wireless Network Connectivity 9
Lesson 4: Overview of Remote Access 11

Lesson 1
Configuring IP Network Connectivity
Contents:
Demonstration: Configuring an IPv4 Connection 3

Question: Domain-joined computers cannot join homegroups.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: Although domain-joined computers cannot create homegroups, they can join existing
homegroups.
Question: Which command would you use to obtain a new lease from a DHCP server?
( ) Ping
( ) Tracert
( ) Netsh
( ) Ipconfig
( ) NSLookup
Answer:
( ) Ping
( ) Tracert
( ) Netsh
(√) Ipconfig
( ) NSLookup
Feedback: You would use the Ipconfig command with the /renew switch to obtain a new lease.
Demonstration: Configuring an IPv4 Connection

Demonstration Steps
View IPv4 configuration from a GUI

1. Switch to LON-CL1.
2. Click the Network icon in the notification area, and then click Network & Internet settings.
3. Click Network and Sharing Center.
4. In Network and Sharing Center, to the right of the Adatum.com Domain network, click Ethernet.
5. In the Ethernet Status dialog box, click Details. This window displays the same configuration
information for this adapter as would the Ipconfig command.
6. In the Network Connection Details window, click Close.
7. In the Ethernet Status dialog box, click Properties. You can configure protocols in this window.
8. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. You can configure the IP
address, subnet mask, default gateway, and Domain Name System (DNS) servers in this window.
9. Click Advanced. In the Advanced TCP/IP Settings window, you can configure additional settings,
such as additional IP addresses, DNS settings, and Windows Internet Name Service (WINS) servers for
NetBIOS name resolution.
10. Close all open windows without modifying any settings.
View IPv4 configuration from a command line

1. Right-click Start, and then click Windows PowerShell (Admin).
2. At the Windows PowerShell command prompt, type Get-NetIPAddress, and then press Enter.
3. At the Windows PowerShell command prompt, type Get-NetIPv4Protocol, and then press Enter.
4. At the Windows PowerShell command prompt, type netsh interface ipv4 show config, and then
press Enter. The current IPv4 configuration is displayed.
5. At the Windows PowerShell command prompt, type ipconfig /all, and then press Enter.
Test connectivity
1. At the Windows PowerShell command prompt, type test-connection LON-DC1, and then press
Enter.
2. At the Windows PowerShell command prompt, type netstat -n, and then press Enter. Observe and
describe the active connections to 172.16.0.10. Most connections to services are transient.
3. If no connections appear, create a connection. To create a connection, in the Type here to search
box, type \\LON-DC1, and then press Enter.
4. In File Explorer, double-click netlogon.
5. At the Windows PowerShell command prompt, type netstat -n, and then press Enter. Identify the
services that LON-CL1 had connections to on LON-DC1.
Check Windows Defender Firewall configuration

3. Click Windows Defender Firewall.
4. In Windows Defender Firewall, click Advanced settings.
5. In Windows Defender Firewall with Advanced Security, expand Monitoring, and then click
Firewall. These are the active firewall rules.
6. Switch back to the Windows PowerShell prompt.
7. At the Windows PowerShell command prompt, type netsh advfirewall firewall show rule name=all
dir=in, and then press Enter.
8. Review the results, which display all inbound rules.
9. Close all open windows, except for the Administrator: Windows PowerShell window.
Reconfigure the IPv4 configuration

4. In the Ethernet Status dialog box, click Properties. In this window, you can configure protocols.
5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Obtain an IP address
automatically. Notice that when you click this, the Alternate Configuration tab becomes available.
7. Click Obtain DNS server address automatically.
8. Click the Alternate Configuration tab. Configuration information on this tab is used when no DHCP
server is available.
9. Click OK to save the changes.
10. In the Ethernet Properties dialog box, click Close.
11. In the Ethernet Status dialog box, click Details. Notice that DHCP is enabled, and that the IP address
of the DHCP server displays.
12. Switch to the Windows PowerShell command prompt.
13. At the Windows PowerShell command prompt, type Get-NetIPAddress, and then press Enter.

Lesson 2
Implementing Name Resolution
Contents:
Demonstration: Configuring and Testing Name Resolution 7

Question: Which command(s) should you always use before starting to test name resolution? Choose all
that apply.
( ) Ipconfig /release
( ) Ipconfig /flushdns
( ) Clear-DnsClientCache
( ) Purge-DnsClientCache
Answer:
( ) Ipconfig /release
(√) Ipconfig /flushdns
(√) Clear-DnsClientCache
( ) Purge-DnsClientCache
Feedback: The Ipconfig /flushdns and Clear-DnsClientCache commands enable you to empty
the DNS resolver cache. You can then perform your name resolution tests knowing that local
cache is not in use, thereby invalidating your test. You need not use both commands, but just
one or the other.
Demonstration: Configuring and Testing Name Resolution

Demonstration Steps
Verify the IPv4 configuration

2. In the notification area, click the Network icon, and then click Network & Internet settings.
5. In the Ethernet Status dialog box, click Details.
6. Point to students that DHCP is enabled, and that the IP address of the DHCP server displays. Notice
the DNS server address.
7. In the Network Connection Details dialog box, click Close.
8. In the Ethernet Status dialog box, click Close.
View and clear the name cache

2. At the Windows PowerShell command prompt, type ipconfig /displaydns, and then press Enter.
3. At the Windows PowerShell command prompt, type Get-DnsClientCache, and then press Enter.
4. At the Windows PowerShell command prompt, type ipconfig /flushdns, and then press Enter.
5. At the Windows PowerShell command prompt, type Clear-DnsClientCache, and then press Enter.
Test name resolution to LON-DC1

1. At the Windows PowerShell command prompt, type test-connection lon-dc1, and then press Enter.
2. At the Windows PowerShell command prompt, type Get-DnsClientCache | fl, and then press Enter.
Create an entry in the Hosts file

1. At the Windows PowerShell command prompt, type notepad
C:\windows\system32\drivers\etc\hosts, and then press Enter.
2. Scroll to the end of the file, type 172.16.0.10 intranet, and then press Enter.
3. Click File, and then click Save.
4. Close Notepad.
Test the new entry

1. At the Windows PowerShell command prompt, type test-connection intranet, and then press Enter.
2. At the Windows PowerShell command prompt, type Get-DnsClientCache | fl, and then press Enter.
3. View the intranet record in the cache.
Test name resolution

1. At the Windows PowerShell command prompt, type nslookup LON-DC1, and then press Enter.
2. At the Windows PowerShell command prompt, type Resolve-Dnsname LON-DC1 | fl, and then press
Enter.
3. At the Windows PowerShell command prompt, type nslookup –d1 LON-DC1 > file.txt, and then
press Enter.
4. Type notepad .\file.txt, and then press Enter.
5. Review the information, and then close Notepad. Note that you might have to scroll to the section
starting with Got answer.
6. Close Windows PowerShell.

Lesson 3
Implementing Wireless Network Connectivity
Contents:
Discussion: Considerations for Wireless Connectivity

Question: What are some considerations for enabling Wi-Fi access for your users?
Answer: Answers will vary, but could include:

• Potential security issues. Any user within range of a wireless hub can potentially connect.
• Convenience. Wireless connections, by definition, eliminate the need for physical wiring
between users’ devices and the network.
• Management issues. More users might wish to connect more devices through wireless
connections, particularly their own devices, such as cellphones and tablets. These devices are
probably unmanaged and can pose problems for IT.
Lesson 4
Overview of Remote Access
Contents:

Question: Which VPN tunneling protocol supports the VPN auto reconnect feature?
( ) PPTP
( ) L2TP
( ) SSTP
( ) IKEv2
Answer:
( ) PPTP
( ) L2TP
( ) SSTP
(√) IKEv2
Feedback: The Internet Key Exchange version 2 (IKEv2) protocol enables the VPN auto reconnect
feature in Windows 10 and Windows 8.1.
Discussion: Considerations for Remote Access

Question: What are the considerations for enabling remote access to your network?
Answer: Answers will vary, but could include:

• Security. By enabling remote access, you open the network to possible security threats. It is
important to consider the threats posed, and to design a remote access solution that
mitigates these risks.
• Increased productivity by users. The ability to access corporate documents remotely enables
users to work any time at a place of their choosing.
• Choice. You must choose what technology to use to enable remote access. DirectAccess is
easier for users to use, because it requires no user intervention to establish remote
connections. However, DirectAccess can be complex to set up and maintain. On the other
hand, VPN technologies are well understood and mature. However, they can still require
users to establish remote connections manually.

Review Questions
Question: You are troubleshooting a network-related problem. The IP address of the host you are
troubleshooting is 169.254.16.17. What is a possible cause of the problem?
Answer: The DHCP server is unavailable.
Question: You are troubleshooting a network-related problem, and you suspect a name-resolution issue.
Before conducting tests, you want to purge the DNS resolver cache. How do you do that?
Answer: To clear the DNS resolver cache, you can use the Windows PowerShell cmdlet Clear-
DnsClientCache. You also can use IPConfig /flushdns.

Lab: Configuring Network Connectivity

Question: In the lab, you tested name resolution. If a user notices that she cannot access normal
enterprise websites, but she knows that she has a valid IP address, what tool must she use to troubleshoot
her computer’s DNS access?
Answer: She can use NSLookup to troubleshoot DNS access issues.
Question: In the lab, you configured the Windows 10 device to obtain its IPv4 configuration
automatically. What might happen if you did this and no DHCP server was available?
Answer: The likely outcome would be that the device would obtain an APIPA address in the
169.254.X.Y range.
Managing storage 5-1
Module 5
Managing storage
Contents:
Lesson 1: Overview of storage options 2
Lesson 2: Managing disks, partitions, and volumes 4
Lesson 3: Maintaining disks and volumes 8
Lesson 4: Managing storage spaces 12

Lesson 1
Overview of storage options
Contents:

Question: What are the advantages of using virtual hard disks? (Select all that apply)
( ) Backup
( ) Performance
( ) Portability
( ) Availability
( ) Physical failures
Answer:
(√) Backup
( ) Performance
(√) Portability
( ) Availability
( ) Physical failures
Question: Which features do you get with Microsoft OneDrive in Windows 10? (Select all that apply)
( ) 5 GB free storage
( ) Synchronization of selected folders
( ) Automatic synchronization of all folders
( ) Built-in universal app
( ) Need to install app to get OneDrive integration
Answer:
(√) 5 GB free storage
(√) Synchronization of selected folders
( ) Automatic synchronization of all folders
(√) Built-in universal app
( ) Need to install app to get OneDrive integration

Lesson 2
Managing disks, partitions, and volumes
Contents:
Demonstration: Creating volumes 5
Demonstration: Resizing a volume 7

Question: What are the features of a GPT-initialized disk? (Select all that apply)
( ) Up to four partitions
( ) Up to 128 partitions
( ) Maximum size of 2 TB
( ) Maximum size of 18 exabytes
( ) Redundancy
Answer:
( ) Up to four partitions
(√) Up to 128 partitions
( ) Maximum size of 2 TB
(√) Maximum size of 18 exabytes
(√) Redundancy
Feedback: MBR disks only support four partitions and 2-TB maximum size. The partition table is
duplicated and therefore redundant on GPT disks.
Question: You can shrink a volume to the size of the used storage space on the volume.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can only shrink a volume down to the size where unmovable files are stored.
Demonstration: Creating volumes

Demonstration Steps
Initialize disks
1. Right-click Start, click Windows PowerShell (Admin), and then press Enter.
2. Type the following command and then press Enter:
Get-Disk | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle MBR
Create simple volume in Disk Management

1. Click Start, type diskmgmt.msc, and then press Enter.
2. Right-click the right side of Disk 1 in the unallocated part, and then click New Simple Volume.
3. In the New Simple Volume Wizard window, click Next.
4. On the Specify Volume Size page, type 5120, and then click Next.
5. In the Assign Drive Letter or Path window, make sure that drive E is selected, and then click Next.
6. On the Format partition page, type Simple in the Volume Label text box, and then click Next.
7. On the Completing the New Simple Volume Wizard page, click Finish.
8. If a Windows dialog box opens, click Cancel.
9. If File Explorer opens, close the window.
Create simple volume in Windows PowerShell

1. Switch to the Windows PowerShell window.
2. Type the following commands and after each command press Enter:
Get-Disk -Number 2
New-Partition –Size 5350879232 –Disknumber 2| Format-Volume -Confirm:$false –
FileSystem NTFS –NewFileSystemLabel Simple2
Get-Partition –DiskNumber 2
(Note the partition number you just created, as you will use that in the next step)
Set-Partition -DiskNumber 2 -PartitionNumber <NumberFromBefore> -NewDriveLetter F
Create spanned volume

1. Switch to the Disk Management window, if necessary.
2. Right-click the right side of Disk 2 in the unallocated part, and then click New Spanned Volume.
3. In the New Spanned Volume Wizard window, click Next.
4. On the Select Disks page, click Disk 3, and then click Add. In the Selected list, click each disk, and
then in the Select the amount of space in MB box, type 2048. Click Next.
5. On the Assign Drive Letter or Path page, make sure that drive G is selected, and then click Next.
6. On the Format volume page, in the Volume Label text box, type Spanned, and then click Next.
7. On the Completing the New Spanned Volume Wizard page, click Finish.
8. In the Disk Management dialog box, click Yes to accept that Disk Management converts the disks to
dynamic disks.
Create striped volume

1. Switch to the Disk Management window, if necessary.
2. Right-click the right side of Disk 2 in the unallocated part, and then click New Striped Volume.
3. In the New Striped Volume Wizard window, click Next.
4. On the Select Disks page, click Disk 3, and then click Add. Click Next.
5. On the Assign Drive Letter or Path page, make sure that drive H is selected, and then click Next.
6. On the Format volume page, type Striped in the Volume Label text box, and then click Next.
7. On the Completing the New Striped Volume Wizard page, click Finish.
9. Leave the VMs running.

Demonstration: Resizing a volume

Demonstration Steps
Shrink partition in Windows PowerShell
1. Switch to Windows PowerShell.
Resize-Partition –DiskNumber 1 -PartitionNumber 1 –Size 3GB
Extend partition in Disk Management

1. Switch to the Disk Management window.
2. Right-click the right side of Disk 1 in the Simple (E:) part, and then click Extend Volume. You might
need to refresh the console to view the Simple (E) partition.
3. In the Extend Volume Wizard window, click Next.
4. On the Select Disks page, click Next.
5. On the Completing the Extend Volume Wizard page, click Finish.
6. If you receive an error message indicating that the RPC server is not available, close the Disk
Management console. Then, click Start, type diskmgmt.msc, and then press Enter. Repeat steps 2 to
5.
7. Leave the VM running.

Lesson 3
Maintaining disks and volumes
Contents:
Demonstration: Using storage 9
Demonstration: Performing disk maintenance 10
Demonstration: Compressing files and folders 10
Demonstration: Configuring disk quotas 11

Question: Which features in Windows 10 will work on both FAT-formatted and NTFS-formatted volumes?
(Select all that apply)
( ) Storage Sense
( ) Defragmenting disks
( ) Folder compression
( ) ZIP compression
( ) Disk quotas
Answer:
(√) Storage Sense
(√) Defragmenting disks
( ) Folder compression
(√) ZIP compression
( ) Disk quotas
Feedback: Folder compression and disk quotas will only work on NTFS-formatted volumes.
Question: By default, defragmentation runs on a monthly basis.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: By default, disks are defragmented weekly.
Demonstration: Using storage

Demonstration Steps
1. Click Start, and then click the Settings icon.
2. In the Settings window, click System, and then click Storage.
3. On the Storage page, click This PC (C:).
4. On the Storage usage page, click Apps & games.
5. On the Apps & games page, in the Search this list text box, type Skype, and then click the Skype
app.
6. Click Uninstall. Click Uninstall in the window that opens.
7. Click the back arrow to return to Storage Usage.
8. On the Storage usage page, click Temporary files in the category list.
9. On the Temporary files page, select the Temporary files check box.
10. Click Remove files.
11. Click the back arrow to return to Storage Usage.

12. Click the back arrow to return to Storage.
13. On the Storage page, click Change where new content is saved.
14. On the Change where new content is saved page, in the drop-down list for New documents will
save to, select Simple (E:).
15. Click Apply.
16. Click File Explorer in the taskbar.
17. In the File Explorer window, double-click Simple (E:).
18. Double-click the Administrator folder.
19. Notice the Documents folder where new documents will be saved.
Demonstration: Performing disk maintenance

Demonstration Steps
1. Click File Explorer on the taskbar.
2. In the File Explorer window, click This PC, right-click Local Disk (C:), and then click Properties.
3. In the Local Disk C: Properties window, click the Tools tab, and then click Optimize.
4. In the Optimize Drives window, verify that (C:) is selected, and then click Analyze. Click Optimize.
This should not take very long.
5. In the Optimize Drives window, click Change Settings.
6. In the window that opens, click the Frequency drop-down list and select Monthly. Clear the Notify
me if three consecutive scheduled runs are missed check box. Click OK.
7. In the Optimize Drives window, click Close.
8. In the Local Disk C: Properties window, click OK.
9. Leave the VM running.
Demonstration: Compressing files and folders

Demonstration Steps
1. Click the File Explorer icon on the taskbar.
2. Navigate to the C:\Users folder. Right-click the Admin folder, and then click Properties.
3. On the General tab, note the Size on Disk in MB:___________
4. On the General tab, click Advanced.
5. In the Advanced attributes window, click Compress contents to save disk space, and then click
OK.
6. Click Apply, and then in the Confirm Attribute Changes window, click OK.
7. If the Access Denied window appears, click Continue.
8. If the Error Applying Attributes window appears, click Ignore All.
9. After the compression finishes, note the Size on Disk in MB:______________, and then click OK.
10. Leave the VM running for the next demonstration.

Demonstration: Configuring disk quotas

Demonstration Steps
Enable disk quotas
1. In the File Explorer window, right-click Simple (E:), and then click Properties.
2. In the Simple (E:) Properties window, click the Quota tab, and then select the Enable quota
management check box.
3. In the Simple (E:) Properties window, select the Deny disk space to users exceeding quota limit
check box.
4. Click Limit disk space to, in the Limit disk space to text box, type 300, and then in the Set warning
level to text box, type 150
5. Select MB as the unit for both values.
6. In the Properties window, click OK.
7. If a Windows dialog box opens, click OK.
8. Right-click Start, point to Shut down or sign out, and then click Sign out.
Create files
1. Sign in as the user Adatum\Beth with the password Pa55w.rd.
Note: If you receive an error message stating that there are currently no logon servers
available, sign in again as Adatum\Administrator and restart LON-CL2.
2. Right-click Start, and then click Windows PowerShell.
3. In the Windows PowerShell prompt, execute the following commands:
E:
MKDIR files
CD files
Fsutil file createnew file1.txt 104857600
Fsutil file createnew file2.txt 104857600
4. Right-click Start, point to Shut down or sign out, and then click Sign out.
Check disk quotas usage

1. Sign in as Adatum\Administrator with the password Pa55w.rd.
2. Click the File Explorer icon on the taskbar.
3. In the File Explorer window, right-click Simple (E:), and then click Properties.
4. Click the Quota tab, and then click Quota Entries.
5. Notice the warning for Adatum\Beth for the disk space used.
6. Close the Quota Entries for Simple (E:) window.
7. Click OK to close the Simple (E:) Properties window.

Lesson 4
Managing storage spaces
Contents:
Demonstration: Configuring Storage Spaces 13

Question: Which types of storage spaces can you create in Windows 10? (Select 4)
( ) Simple
( ) Advanced
( ) Two-way mirror
( ) Three-way mirror
( ) Parity
Answer:
(√) Simple
( ) Advanced
(√) Two-way mirror
(√) Three-way mirror
(√) Parity
Feedback: There is no such thing as an Advanced storage space.
Question: You need three disks to create a three-way mirror storage space.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You need at least five disks to create a three-way mirror storage space.
Features of Storage Spaces

Question: What is the name for a storage space that is larger than the amount of disk space available on
the physical disks portion of the storage pool?
Answer: This kind of storage space is a thin provisioned virtual disk. With a thin provisioned
storage space, you can use the available space immediately, but you need to add more physical
disks to the storage pool to provide the disk space required.
Demonstration: Configuring Storage Spaces

Demonstration Steps
Clear disks in Windows PowerShell

1. Click Start, type diskmgmt.msc, and then press Enter.
2. In the Disk Management window, in the right side of Disk 2, right-click Simple2, and then click
Delete Volume.
3. In the Delete simple volume window, click Yes.
4. In the Disk Management window, in the right side of Disk 2, right-click Spanned, and then click
Delete Volume.
5. In the Delete spanned volume window, click Yes.

6. In the Disk Management window, in the right side of Disk 2, right-click Striped, and then click
Delete Volume.
7. In the Delete striped volume window, click Yes.
Get-Disk | Clear-Disk -RemoveData
10. Press A to do this on all disks. Notice the error message “clear-disk: Operation not supported on a
critical disk.” This command does not reset the disk with the Windows installation.
11. Switch to the Disk Management window, and then verify that Disks 1, 2, and 3 are not initialized.
Create a storage space

1. Click Start, type storage spaces, and then press Enter.
2. In the Storage Spaces window, click Create a new pool and storage space.
3. On the Select drives to create a storage pool page, verify that Disks 1, 2, and 3 are selected. Click
Create pool.
4. On the Enter a name, resiliency type, and size for the storage space page, click the Resiliency
type drop-down list, and then select Parity. Click Create storage space. This will automatically open
File Explorer with the Storage space (E:) drive selected. Click This PC.
Notice that the size of Storage Space (E:) is 249 GB.
5. Close the File Explorer window.
Modify an existing storage space

1. On the Manage Storage Spaces page, click Change.
2. On the Enter a new name and size for the storage space page, change the Storage space size to
1 TB.
Notice the information text stating that you can add more drives when the capacity is low.
3. Click Change storage space.
5. Click This PC.
Notice that the size of Storage Space (E:) is now 0.99 TB.
Revert VMs
When you finish the demonstration, revert the VMs to its initial state. To do this, complete the following
steps:
1. On the host computer, open Hyper-V Manager.
2. In the Virtual Machines list, right-click 20697-1D-LON-CL2, and then click Revert.
4. Repeat the steps for 20697-1D-LON-DC1.


Review Question
Question: You are implementing 64-bit Windows 10 and need to partition the disk to support 25
volumes, some of which will be larger than 2 terabytes (TB). Can you implement this configuration by
using a single hard disk?
Answer: Yes. You can format the disk for GPT rather than MBR. A GPT disk supports up to 128
volumes, each much larger than 2 TB. Additionally, you can boot a computer with 64-bit
Windows 10 installed from a GPT disk.
Tools
The following table lists some of the tools that are available for managing hard disks.
Tool Used for Where to find
Defrag.exe Performing disk defragmentation Command prompt

tasks from the command line
Compact.exe Performing NTFS compression from Command prompt

the command line
DiskPart Managing disks, volumes, and Command prompt

partitions from the command line
or from the Windows
Preinstallation Environment
Fsutil.exe Performing tasks that relate to file Command prompt

allocation table (FAT) and NTFS,
such as managing disk quotas from
the command line
Disk Management Managing disks and volumes, both Diskmgmt.msc

basic and dynamic, locally or on
remote computers
The Optimize Drives tool Rearranging fragmented data so In File Explorer, right-click a
that disks and drives can work more volume, click Properties, click
efficiently the Tools tab, and then click
Optimize
Storage Spaces Creating and managing storage Control Panel

spaces
Storage Getting an overview of disk usage PC Settings

and uninstalling applications
Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip
Configuring disk quotas on multiple After you create a quota, you can export it and then
volumes import it for a different volume. In addition to establishing
quota settings on an individual computer by using this
method, you also can use Group Policy settings to
configure quotas. This lets administrators configure
multiple computers with the same quota settings.
Exceeding the quota allowance To increase free disk space after exceeding the quota
allowance, the user can try the following:
Delete unnecessary files
Have another user claim ownership of files that are not
user-specific
Additionally, an administrator could increase the quota
allowance as volume size and policy permits.

Lab: Managing Storage

Question: When would you use a spanned volume instead of a simple volume? Is there a better solution
in Windows 10?
Answer: Spanned volumes allow you to combine space from multiple drives. You would use a
spanned volume to present several drives as a single drive to an operating system. A better
solution in Windows 10 could be to use Storage Spaces.
Question: In your environment, where would you use disk quotas?
Answer: Answers will vary based on students’ experience. One possible answer is that you would
do this on a shared system to minimize the effect of users saving files.
Managing Files and Printers 6-1
Module 6
Managing Files and Printers
Contents:
Lesson 1: Overview of File Systems 2
Lesson 2: Configuring and Managing File Access 6
Lesson 3: Configuring and Managing Shared Folders 10
Lesson 4: Work Folders 14
Lesson 5: Managing Printers 17

Lesson 1
Overview of File Systems
Contents:
Demonstration: Work with File Systems in Windows 10 4

Question: Which two of the following file systems can you use on the 100-GB simple volume that you
created on a single disk?
( ) FAT
( ) FAT32
( ) exFAT
( ) NTFS
( ) ReFS
Answer:
( ) FAT
( ) FAT32
(√) exFAT
(√) NTFS
( ) ReFS
Question: You cannot convert a partition with the exFAT file system to the NTFS file system.
( ) True
( ) False
Answer:
(√) True
( ) False
Feedback: You cannot convert a partition with the exFAT file system to the NTFS file system.
Question: You can format a 1-TB volume on a single physical disk in Windows 10 with ReFS.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can use ReFS in Windows 10 only on Windows 10 two-way or three-way mirrored
spaces.
The FAT File System

Question: Why would you use the FAT file system in Windows 10?
Answer: There are not many reasons for using the FAT file system, because the NTFS file system
provides many additional features, such as security, auditing, and compression. However, there
are times when you might want to use the FAT file system, such as when you need to use the
same removable media to share data with systems that do not support NTFS file system or if you
need to use a file system with low overhead.
Question: Can you format a 40 GB volume with the FAT32 file system?
Answer: No. The largest volume that you can format with FAT32 file system is 32 GB. You can
format a 40 GB volume with the exFAT or NTFS file system, but not with the FAT32 file system.
The NTFS File System

Question: What are the main benefits of the NTFS file system?
Answer: The NTFS file system provides several benefits that are not available with the FAT file
system. The most important features of the NTFS file system are its support for larger volume
sizes, security, auditing, and encryption.
The ReFS File System

Question: Can you use Disk Management or File Explorer to format a volume with ReFS in Windows 10?
Answer: You can use Disk Management or File Explorer to format a volume with ReFS in
Windows 10, but only if the volume is on a two-way or three-way mirror set on storage space.
Otherwise, you cannot use ReFS in Windows 10.
Demonstration: Work with File Systems in Windows 10

Demonstration Steps
1. On LON-CL1, right-click Start, and then click Disk Management.
2. In Disk Management, right-click the unallocated space on Disk 2, and then click New Simple
Volume.
3. On the Welcome to the New Simple Volume Wizard page, click Next.
4. On the Specify Volume Size page, in Simple Volume Size in MB, type 100, and then click Next.
5. On the Assign Drive Letter or Path page, discuss the second option, which is Mount in the
following empty NTFS Folder. This allows a volume to be mounted only to an empty NTFS folder.
Click Next.
6. On the Format Partition page, open the File system drop-down list box, and then look at the
available options, which are file allocation table (FAT), FAT32, and NTFS. Open the Allocation unit
size drop-down list box, and point out the available values. Close the Allocation unit size drop-
down list box, and then click Back twice.
7. On the Specify Volume Size page, in Simple Volume Size in MB, type 40000, and then click Next
twice.
8. On the Format Partition page, open the File system drop-down list box, and point out the available
options, which are extended file allocation table (exFAT) and NTFS. Explain that FAT32 supports
volume sizes up to 32 gigabytes (GB). Therefore, it is not available for a 40 GB volume. Close the File
System drop-down list box, and then click Back twice.
9. On the Specify Volume Size page, in Simple Volume Size in MB, type 30000, and then click Next
twice.
10. On the Format Partition page, open the File system drop-down list box, and then look at the
available options, which are FAT32 and NTFS. Click FAT32, click Next, and then click Finish. This will
automatically open File Explorer.
Note: If you are presented with a dialog box to format the disk, click Cancel.
11. Switch to Disk Management, and then verify that NEW VOLUME with FAT32 file system appears
on Disk 2.
12. Switch to File Explorer, in the navigation pane, right-click NEW VOLUME (F:), and then select
Properties. Verify that in NEW VOLUME (F:) Properties, there is no Security and Quota tab. This is
because FAT does not support permissions and disk quotas. Click Cancel.
13. Right-click the Start icon, and then select Windows PowerShell.
14. At the command prompt, type convert f: /fs:ntfs, and then press Enter. Type new volume at the
Enter current volume label for drive F: prompt, and then press Enter. When the command finishes
running, close Command Prompt.
15. In File Explorer, in the navigation pane, right-click NEW VOLUME (F:), and then select Properties.
Verify that in NEW VOLUME (F:) Properties, there is a Security and Quota tab. This appears
because the NTFS file system supports permissions and disk quotas. Point out the Compress this
drive to save disk space check box, as the NTFS file system supports compression, and then click
Cancel.
16. On the taskbar, in the Ask me anything text box, type storage spaces, and then click Manage
Storage Spaces.
17. In the Storage Spaces window, click Create a new pool and storage space.
18. In the Create a storage pool window, verify that Disk 3 and Disk 4 are selected, and then click
Create pool.
19. Select Two-way mirror as the Resiliency type. Expand the File system drop-down list box, and then
verify that both NTFS and REFS are available. Select REFS from the File system drop-down list box,
click Create storage space, and then close the Storage Spaces window.
Note: Point out that even though the REFS option appears to be available as the File
system option in the Create a storage space window with either the Parity or the Simple (no
resiliency) resiliency types selected, choosing it would actually result in an error when
attempting to create a parity or simple storage space.
20. In Disk management, verify that Disk 3 and Disk 4 no longer appear, but that Disk 5 does appear
and has a primary partition that is formatted with the ReFS file system.
Note: If Disk 5 does not appear to be formatted with ReFs, close and re-open Disk
Management.
21. In File Explorer, in the navigation pane, right-click Storage space (G:), and then select Properties.
Verify that in Storage space (G:) Properties, there is a Security tab. However, there should be no
Quota tab or Compress this drive to save disk space check box. This is because ReFS does not
support disk quotas and compression. Click Cancel, and then minimize File Explorer.
Lesson 2
Configuring and Managing File Access
Contents:
Demonstration: Securing Files and Folders with File Permissions 8

Question: On which two file systems can you assign permissions in Windows 10?
( ) FAT
( ) FAT32
( ) exFAT
( ) NTFS
( ) ReFS
Answer:
( ) FAT
( ) FAT32
( ) exFAT
(√) NTFS
(√) ReFS
Question: You can modify inherited permissions on a file without disabling the inheritance.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can modify permissions only, which are set explicitly on the file. To be able to
modify inherited permissions, you must disable the inheritance or modify the permissions at the
higher level, on the folder on which they were set.
Tools Used for Managing Files and Folders

Question: Which Windows 10 graphical tool is used most often to manage files and folders?
Answer: Windows 10 includes several tools for managing files and folders, but you will use File
Explorer most often.
File and Folder Permissions

Question: If a user’s permissions are shown as Special permissions, what file permissions does the user
have?
Answer: If a user has a combination of advanced file permissions that cannot be listed as basic
file permissions, the user’s permissions will be shown as Special permissions.
Question: If user with Read permissions only is a member of a group that has Write permissions, what
type of permissions does the user actually have?
Answer: The user has cumulative permissions, which apply to the user and to the group of which
the user is a member. In the given scenario, the user will have Read and Write permissions to the
file.
Overview of Permission Inheritance

Question: If a file inherits permissions from a folder, can you modify the permissions on that file?
Answer: No, you cannot modify inherited permissions. You can modify them on the folder,
where you set them explicitly. The file will inherit modified permissions. Alternatively, you can
disable inheritance on a file, select or convert inherited permissions to explicit permissions, and
then modify explicit permissions on it.
Implementing Conditions to Limit File and Folder Access

Question: What conditions should you include so that you limit access to files in the NTFS file system or
the ReFS file system?
Answer: You can include values of user or device claims in conditions. User and device claims can
have values of attributes that you specify in AD DS.
Effective Permissions
Question: How can you include the calculation of conditions that limit access to the Effective Access
feature?
Answer: The Effective Permissions feature, by default, calculates effective access permissions
based on group membership. If you want to include the evaluation of conditions that limit access
to calculation, you need to specify a user and device claim before viewing effective access.
Question: Can the Effective Access feature consider only the current group membership when it is
calculating effective permissions for a selected user or group?
Answer: No. When you are using the Effective Access feature, you can view the effective
permissions for a selected user or group that is a member in an additional group or groups.
Copying and Moving Files

Question: You have FileA on the NTFS volume on Computer1. You grant the user John explicit Full
control permissions on FileA, and then you move FileA to the NTFS partition on Computer2. Will John still
have explicit permissions on FileA?
Answer: When you move FileA from Computer1 to Computer2, you effectively create a new file,
with the same content as FileA, on Computer2. The move process then deletes FileA on
Computer1. When you create a new file, it has only inherited permissions. It does not have
explicit permissions. Therefore, John will not have explicit permissions on FileA when you move it
to Computer2.
Demonstration: Securing Files and Folders with File Permissions

Demonstration Steps
1. On LON-CL1, on the taskbar, click File Explorer.
2. In File Explorer, in the navigation pane, expand This PC, and then click Local Disk (C:). In the details
pane, right-click the empty space, select New, select Folder, and then type Data as the new folder
name.
3. Right-click Data, and then select Properties.
4. In the Data Properties window, click the Security tab, and then click Edit. Explain why check boxes in
the Permissions for Authenticated Users section are dimmed.
5. In the Permissions for Data dialog box, verify that Authenticated Users is selected in the Group or
user names section, and then click Remove. Explain that you cannot remove Authenticated User
because this is an inherited permission. Click OK, and then click Add.
6. In the Enter the object names to select (examples) box, type managers, and then click OK. Explain
why permissions for Managers are not dimmed.
7. In the Permissions for Managers section, clear the Read & execute and List folder contents check
boxes, and then click OK.
8. In the Data Properties dialog box, click Advanced.
9. In the Advanced Security Settings for Data dialog box, in the Permission entries section, select
Managers, and then click Edit.
10. In Permission Entry for Data, in the Basic permissions section, verify that only the Read check box
is selected. Click Show advanced permissions, and then explain that basic Read permission contains
multiple advanced permissions. Click OK three times.
11. In File Explorer, in the details pane, double-click Data.
12. In the details pane, right-click the empty space, select New, select Text Document, and then type
File1 as the file name.
13. Right-click File1.txt, click Properties, click the Security tab, and then click Advanced.
14. In the Advanced Security Settings for File1.txt dialog box, verify that permissions for Managers are
inherited from C:\Data\ and all other permissions are inherited from C:\.
15. Click the entry for Managers, click Remove, note the message, and then click OK.
16. In the Advanced Security Settings for File1.txt dialog box, click Disable inheritance. Review the
options in the Block Inheritance dialog box, and then click Convert inherited permissions into
explicit permissions on this object.
17. In the Advanced Security Settings for File1.txt dialog box, verify that all permissions entries are set
explicitly on File1.txt, as their permission inheritance is set to None.
18. Verify that Managers is selected, click Remove, and then explain that now you can modify
permissions, as they are no longer inherited. Click OK twice.
Lesson 3
Configuring and Managing Shared Folders
Contents:
Demonstration: Sharing Folders 12

Question: If users have the Change share permission, they can take ownership of the files when they
access the share over the network.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: The Change share permission does not allow users to take ownership of the shared
folder’s files.
Question: You can configure advanced permissions for the shared folder.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: For the shared folder, you can configure only Read, Change, or Full Control
permissions. You can configure advanced permissions only at the file-system level, not at the
share-folder level.
Question: You cannot configure access-based enumeration for shares on a Windows 10–based computer.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can configure access-based enumeration for Windows 10 shares by using the
Set-SmbShare Windows PowerShell cmdlet.
What Are Shared Folders?

Question: Can any user connect to any shared folder?
Answer: No. Only users with appropriate permissions can connect to shared folders. You
configure permissions on shared folders when you share a folder, and you can modify
permissions.
Methods Available to Share Folders

Question: What is the main difference between sharing a folder by using Network File and Folder Sharing
and by using Advanced Sharing?
Answer: If you share a folder by using Network File and Folder Sharing, you can set share and file
permissions in a single step. If you share a folder by using Advanced Sharing, you can set only
share folder permissions. You cannot modify file permissions by using Advanced Sharing in a
single step.
Shared Folder Properties

Question: What is the maximum number of users who can connect to a share simultaneously on
Windows 10?
Answer: A maximum of 20 users can connect simultaneously to a Windows 10 share.
Question: Can you configure Caching (Offline Settings) when you share a folder by using Network File
and Folder Sharing?
Answer: No. When you share a folder by using Network File and Folder Sharing, you can
configure only who can connect to it and what type of permissions the user has to a share. You
can use Advanced Sharing or Windows PowerShell to modify share properties, including Caching
(Offline Settings) settings.
Demonstration: Sharing Folders

Demonstration Steps
1. On LON-CL1, in File Explorer, in the navigation pane, click Local Disk (C:).
2. In the details pane, right-click the Data folder, select Properties, select the Security tab, and point
out that Managers have permissions on the C:\Data folder. Click the Sharing tab, note that the
folder is not shared, and then click OK.
3. In the details pane, right-click Data folder, select Give access to, and then select Specific people.
4. In the Network access dialog box, select Managers, click Custom in the Permission Level column,
and then select Remove.
5. Click the drop-down arrow and then click Find People. Type IT and then click OK.
6. Verify that IT is added and selected. Click Read in the Permission Level column, select Read/Write,
click Share, and then click Done.
7. In File Explorer, in the navigation pane, right-click Data, and then select Properties. Click the
Security tab, point out that Managers no longer have permissions on the folder, but IT does, and
then click the Sharing tab.
8. In the Data Properties dialog box, verify that the folder is shared, and then click Advanced Sharing.
9. In the Advanced Sharing dialog box, note that the share name is Data, which is the same as the
folder name. In the Limit the number of simultaneous users to dialog box, type 5, and then click
Permissions.
10. In the Permissions for Data dialog box, point out that Everyone and Administrators have Full
Control permissions to the share, click OK
11. In the Advanced Sharing dialog box, click Apply.
12. In the Advanced Sharing dialog box, click Add, in the Share name field, type IT Data, and then click
Permissions. Select the Full Control check box in the Allow column, click OK three times, and then
click Close.
13. In File Explorer, click the arrow in the Address bar, type \\LON-CL1, and then press Enter. Point out
that you can see the Data and IT Data shares in the details pane.
14. Double-click IT Data, and then point out that you can see File1.txt, which you created in the previous
demonstration.
15. Right-click the Start icon, and then select Computer Management.
16. In Computer Management, in the navigation pane, expand Shared Folders. Click Shares, and then
point out that in the details pane, you can see the Data and IT Data shares. Close Computer
Management.
18. In Windows PowerShell, type Get-SmbShare, and then point out that shares on LON-CL1 are listed,
including Data and IT Data.
19. In Windows PowerShell, type logoff.

Lesson 4
Work Folders
Contents:
Demonstration: Enabling Work Folders 15

Question: You can use Work Folders only if a Windows 10 device is joined to AD DS.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can use Work Folders regardless of Windows 10 domain membership.
Question: User can have single Work Folders in Windows 10.
( ) True
( ) False
Answer:
(√) True
( ) False
Feedback: User can have single Work Folders in Windows 10.
What Are Work Folders?

Question: Can you share your Work Folders content with your coworkers?
Answer: By default, single users can access their individual Work Folders from multiple devices.
You cannot share your Work Folder, but you can make a copy of your Work Folders data, and
then share the copy with coworkers. However, be aware that the copy is static, and the copy does
not synchronize with the content of your Work Folders.
Components of Work Folders

Question: Can users access multiple Work Folders?
Answer: No. Users can access only their subfolder in the Work Folders hierarchy. Users can have
sync access to multiple Work Folders, but the Work Folders server uses only a single Work Folder.
Users cannot synchronize other Work Folders, even if they have sync access permissions for them.
Configuring Work Folders

Question: Can you use Group Policy to deploy Work Folders centrally to devices that are not domain-
joined?
Answer: You can use Group Policy to deploy Work Folders centrally only to domain-joined
devices. If devices are not domain-joined, you still can use local Group Policy on each device that
is not a domain member to deploy Work Folders. However, you cannot deploy Work Folders
centrally.
Demonstration: Enabling Work Folders

Demonstration Steps
1. On LON-CL1, sign in as user adatum\Bill with the password Pa55w.rd.
2. On the taskbar, click File Explorer.

3. In File Explorer, in the navigation pane, click Work Folders. Right-click in the details pane, select
New, select Text Document, and then type On LON-CL1 as the file name. If you do not see Work
Folders in File Explorer, sign out and sign back in to LON-CL1, and then repeat steps 1 through 3.
4. On LON-CL4, sign in as user Admin with the password Pa55w.rd.
5. On LON-CL4, click Start, in the Ask me anything text box, type control, and then select Control
Panel.
6. In Control Panel, in the Search Control Panel field, type work, and then click Work Folders.
7. On the Manage Work Folders page, click Set up Work Folders, and then on the Enter your work
email address page, click Enter a Work Folders URL instead.
8. On the Enter a Work Folders URL page, in Work Folders URL box, type https://lon-
dc1.adatum.com, and then click Next.
9. In the Windows Security dialog box, in the User name field, type adatum\Bill, in the Password
field, type Pa55w.rd, and then click OK.
10. On the Introducing Work Folders page, review the local Work Folders location, and then click Next.
11. On the Security policies page, select the I accept these policies on my PC check box, and then
click Set up Work Folders.
12. On the Work Folders has started syncing with this PC page, click Close.
13. In the WorkFolders window, verify that the On LON-CL1.txt file displays.
14. Sign out of LON-CL1.

Lesson 5
Managing Printers
Contents:
Demonstration: Adding and Sharing a Printer 19

Question: Which tool would you use to manage printers on multiple Windows 10–based computers in
the AD DS environment?
( ) Device Manager
( ) Printers & Scanners
( ) Print Management
( ) Computer Management
( ) Connected Devices
Answer:
( ) Device Manager
( ) Printers & Scanners
(√) Print Management
( ) Computer Management
( ) Connected Devices
Question: You can add multiple printers in Windows 10 for a single printing device that is connected to
your computer.
( ) True
( ) False
Answer:
(√) True
( ) False
Feedback: You can add multiple printers in Windows 10 for a single printing device that is
connected to your computer.
Overview of Printing Components

Question: Can you add multiple printers in Windows 10, while they are all using the same physical
printing device?
Answer: Yes, you can add multiple printers in Windows 10, while they are all using the same
physical printing device. You would do that if you want to configure printers with different
settings, such as priority, security, or Availability.
What Are Type 4 Printer Drivers?

Question: Do you need a specific Type 4 printer driver for each printer?
Answer: No, a Type 4 printer driver can support similar printing features and a print language
that is common to a large set of printing devices. You can have the same Type 4 printer driver
that supports many models of printers.
Managing Client-Side Printing

Question: Which Windows PowerShell cmdlet can you use to modify printer properties?
Answer: You can modify printer properties by running the Set-Printer Windows PowerShell
cmdlet.
Question: Can you manage printers that are connected to a remote Windows 10–based computer by
using Devices and Printers?
Answer: No. You can use Devices and Printers only to manage printers that are connected to a
local Windows 10–based computer.
Managing Print Server Properties

Question: Do you need to turn on any Windows feature to be able to install and share printers on
Windows 10 and use the Print Management tool?
Answer: No. The default Windows 10 installation provides the Print Management tool and
support for printing. You do not need to turn on any Windows feature to be able to use them.
Question: Can you use the Print Management tool for managing printers only on Windows 10–based and
Windows 8.1–based computers?
Answer: No. You can use the Print Management tool for managing printers on any Windows–
based computer on which you have sufficient permissions. This includes Windows 10, Windows
Server 2012 R2, and older Microsoft operating systems.
Demonstration: Adding and Sharing a Printer

Demonstration Steps
1. On LON-CL1, in the taskbar, in the Ask me anything box, type Control, and then select Control
Panel.
2. In Control Panel, click View devices and printers.
3. In Devices and Printers, click Add a printer.
4. In the Add a device dialog box, click The printer that I want isn’t listed.
5. On the Find a printer by other options page, select the Add a local printer or network printer
with manual settings option, and then click Next.
6. On the Choose a printer port page, verify that Use an existing port is selected, and then click Next.
7. On the Install the printer driver page, in the Manufacturer list, select Microsoft. In the Printers
list, select Microsoft PCL6 Class Driver, and then click Next.
8. On the Type a printer name page, in the Printer name field, type Managers Printer, and then click
Next.
9. On the Printer Sharing page, click Next, and then click Finish.
10. In Devices and Printers, right-click Managers Printer, select Printer properties, and then select the
Security tab.
11. In the Managers Printer Properties dialog box, verify that Everyone is selected, and then click
Remove. Click Add, in the Enter the object names to select (examples) dialog box, type
Managers, and then click OK. In the Permissions for Managers section, verify that the Print check
box in the Allow column is selected.
12. Click the Advanced tab, explain the Priority and Available options from the available options, and
then click OK.

Best Practices
File Permissions
Supplement or modify the following best practices for your own work situations:
• To simplify the assignment of permissions, you can grant the Everyone group Full Control share
permission to all shares, and then you can configure file permissions to control access. Restrict share
permissions to the minimum required to provide an extra layer of security in case file permissions are
configured incorrectly.
• When you disable permission inheritance, you have options to convert inherited permissions into
explicit permissions, or you can remove all inherited permissions. If you only want to restrict a
particular group or user, then you should convert inherited permissions into explicit permissions to
simplify the configuration process.
Managing Shared Folders
Supplement or modify the following best practices for your own work situations:
• Be aware that Network File and Folder Sharing (sometimes referred also as Simple File Sharing)
modifies file permissions and share folder permissions, while Advanced Sharing does not modify file
permissions, only set share permissions.
• If the guest user account is enabled on your computer, the Everyone group includes anyone. In
practice, remove the Everyone group from any permission lists, and replace it with the Authenticated
Users group.
• Be aware that if you use a different firewall than the one that Windows 10 includes, it can interfere
with the network discovery and file sharing features.
Review Questions
Question: On which objects can you set file-level permissions?
Answer: You can set file-level permissions on volumes, folders, and files.
Question: Robin recently created a spreadsheet and assigned it file permissions that restricted file access
only to her. Following the system reorganization, the file moved to a folder on a different NTFS volume,
and Robin discovered that other users were able to open the spreadsheet. What is the probable cause of
this situation?
Answer: Because the spreadsheet was moved across partitions, file permissions on the moved file
were inherited from the new parent. All explicit permissions that Robin configured were not
preserved when the file was moved.
Question: Can you access Work Folders content on a computer without network connectivity?
Answer: A computer that supports Work Folders creates a local copy of Work Folders content. If
network connectivity is not available, you will still be able to access and modify a local copy.
When network connectivity is restored, local changes will synchronize transparently with the
Work Folder content on a file server.

Lab A: Configuring and Managing Permissions and Shares

Question: What is the difference between sharing a folder by using Network File and Folder Sharing and
using the Advanced Sharing feature?
Answer: If you are sharing a folder by using Network File and Folder Sharing, you will be
modifying local file permissions and share permissions. You will configure local file permissions
on the File Sharing page, while share permissions will be set to allow full control to
administrators and the Everyone group. If you are sharing a folder by using the Advanced
Sharing feature, local file permissions do not change. The Advanced Sharing feature only sets
share permissions.
Question: Can you view effective access permissions on an NTFS volume? Can you view effective access
permissions on a FAT32 volume?
Answer: You can view effective access permissions on the Advanced Security Settings page for
the file or folder on the NTFS volume or for the whole NTFS volume. You can access this page on
the Security tab of the volume, folder, or file properties. FAT32 volumes do not support security,
so you cannot access effective access permission information on the FAT32 volume. Therefore,
because you cannot configure security and limit access on the FAT32 volume, everyone has
unlimited access to that volume’s content.
Question: How can you see user-claims information in Windows 10?
Answer: You can see user-claims information in Windows 10 by running the whoami /claims
command at a command prompt.
Question: How can you provide members of the same group with different permissions, based on their
attribute values in AD DS?
Answer: You can provide members of the same group with different permissions, based on their
attribute values in AD DS, by configuring conditions to limit file and folder access.
Lab B: Installing and Managing a Printer

Question: How can you list printers that are connected to a computer?
Answer: You can list printers that are connected to a computer in several different ways. You can
use the Devices and Printers feature, the Print Management tool, or the Get-Printer Windows
PowerShell cmdlet.
Question: By default, who can print on a newly created printer?
Answer: By default, everyone has Print permission on a newly created printer, which means that
anyone can print on that printer.
Question: How can you determine which printer is the default printer?
Answer: When you view printers in Devices and Printer, the default printer has a green check
mark next to its name.
Managing Apps in Windows 10 7-1
Module 7
Managing Apps in Windows 10
Contents:
Lesson 1: Overview of Providing Apps to Users 2
Lesson 2: The Microsoft Store 4
Lesson 3: Web Browsers 7

Lesson 1
Overview of Providing Apps to Users
Contents:
Resources 3

Question: Which of the following statements about installing apps in Windows 10 is true? (Choose all
that apply)
( ) Desktop apps are installed with either .exe or .appx installer files.
( ) Microsoft Store apps are installed with .appx files.
( ) RemoteApp apps allow users of Windows 10 S computers to run apps that are designed for the 64-bit
versions of Windows 10.
( ) Desktop apps must be signed digitally.
( ) Microsoft Store apps must be signed digitally.
Answer:
( ) Desktop apps are installed with either .exe or .appx installer files.
(√) Microsoft Store apps are installed with .appx files.
(√) RemoteApp apps allow users of Windows 10 S computers to run apps that are designed for
the 64-bit versions of Windows 10.
( ) Desktop apps must be signed digitally.
(√) Microsoft Store apps must be signed digitally.
Resources
Types of Windows 10 Apps
Additional Reading: For more information, refer to “Desktop Bridge” at

https://aka.ms/ylrpsf.
Lesson 2
The Microsoft Store
Contents:
Demonstration: Sideloading Microsoft Store Apps 5

Question: To install Microsoft Store apps by using sideloading, you must first configure GPOs to enable
the Windows 10 sideloading feature.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: It is necessary in Windows 8.1 to enable sideloading by using registry edits or by using
GPOs. However, in Windows 10, you can enable this feature through the device Settings.
Demonstration: Sideloading Microsoft Store Apps

Demonstration Steps
Enable sideloading
1. Sign in to LON-CL2 as Adatum\Abbi with the password Pa55w.rd.
2. In the notification area, click Notifications, and then click All settings.
3. Click Update & security.
4. In the navigation pane, click For developers, and in the Use developer features section, click
Sideload apps.
5. In the Use Developer features dialog box, click Yes.
6. Close Settings.
Install the root certificate

1. On LON-CL2, click File Explorer on the taskbar.
2. Navigate to \\lon-dc1\apps.
3. Right-click LeXProductsGrid81_1.1.0.2_AnyCPU.cer, and then click Install Certificate.
4. On the Certificate Import Wizard page, click Local Machine, and then click Next.
5. In the User Account Control dialog box, click Yes.
6. On the Certificate Store page, click Place all certificates in the following store, click Browse, click
Trusted Root Certification Authorities, click OK, click Next, and then click Finish.
7. In the Certificate Import Wizard dialog box, confirm that the import was successful, and then click
OK.
Install a Microsoft Store app

1. Sign in to LON-CL2 as Adatum\Beth with the password Pa55w.rd.
3. Navigate to \\lon-dc1\apps.
4. Double-click App1.appx.
5. To install the package, in the Install TestAppTKL1 window, click Install.

6. In the SmartScreen can’t be reached right now window, click Run.
7. After the package is installed, it launches automatically.
8. Close the app.
Remove an installed Microsoft Store app

1. Click Start, in the Recently added section, right-click TestAppTKL1, and then click Uninstall.
2. In the This app and its related info will be uninstalled dialog box, click Uninstall.

Lesson 3
Web Browsers
Contents:
Demonstration: Configuring and Using Internet Explorer 11 8
Demonstration: Configuring and Using Microsoft Edge 9
Discussion: Which Browser to Use?

Question: How well suited is Microsoft Edge to your environment?
Answer: Answers will vary based upon the students’ own experiences and the web-based apps
that users are utilizing within their organizations.
Demonstration: Configuring and Using Internet Explorer 11

Demonstration Steps
Configure Compatibility View
2. Sign in to LON-CL2 as ADATUM\Beth with the password Pa55w.rd.
3. Click File Explorer.
4. Browse to C:\Program Files\Internet Explorer\.
5. Right-click iexplore, and then click Pin to taskbar.
6. Close File Explorer.
7. On the taskbar, click Internet Explorer.
Note: If prompted, click Use recommended security and compatibility settings, and
then click OK.
8. In the address bar, type http://LON-DC1, and then press Enter.
9. Right-click the home symbol, and then click Menu bar.
10. On the menu bar, click Tools, and then click Compatibility View settings.
11. In the Compatibility View Settings dialog box, click Add to add the LON-DC1 website to
Compatibility View, and then click Close.
Delete the browsing history

1. In Internet Explorer, click the down arrow next to the address bar to confirm that the address that you
typed is stored.
2. In Internet Explorer, on the Tools menu, click Internet options.
3. On the General tab, under Browsing history, click Delete.
4. In the Delete Browsing History dialog box, clear the Preserve Favorites website data check box,
select the Temporary Internet files and website files, Cookies and website data, and History
check boxes, and then click Delete.
5. Click OK to close the Internet Options dialog box.
6. Confirm that there are no addresses stored in the address bar by clicking the down arrow next to the
address bar.
Note: You can ignore Bing.com

Configure InPrivate Browsing

1. On the Tools menu, point to Safety, and then click InPrivate Browsing.
3. Confirm that the address you entered is not stored by clicking the down arrow next to the address
bar.
Note: You can ignore Bing.com
4. Close the InPrivate Browsing window.
View the add-on management interface

1. On the Tools menu, click Manage add-ons.
2. In the left navigation pane, click Search Providers.
3. In the right navigation pane, click Bing.
4. In the left navigation pane, click Accelerators.
5. In the left navigation pane, click Tracking Protection.
6. Click Close.
Download a file
2. In the browser window, click Download Current Projects.
3. In the Internet Explorer dialog box, click Save.
4. In the banner, click View downloads.
5. Click Open.
6. The file opens in Microsoft Office Excel.
Note: If prompted by Office, in the Microsoft Office Activation Wizard dialog box, click
Close.
7. Close Excel, and then close Internet Explorer.
Demonstration: Configuring and Using Microsoft Edge

Demonstration Steps
Prepare environment
1. On LON-CL2, sign in as .\Admin with the password Pa55w.rd.
2. Right-click Start, and then select Windows PowerShell (Admin).
3. In the User Account Control dialog box, click Yes.
4. In the Administrator: Windows PowerShell window, type c:\Labfiles\Mod07\Mod07-1.ps1, and

then press Enter.
5. Close the Administrator: Windows PowerShell window.

Note: In the lab environment, the Windows Update service is disabled. The service is
needed for the Microsoft Store. The script changes this.
Open a webpage
1. On LON-CL2, sign in as Adatum\Beth with the password Pa55w.rd.
2. On the taskbar, click the Microsoft Edge icon.
3. In the address bar text box, type http://lon-dc1, and then press Enter.
Open a webpage
1. In Microsoft Edge, right-click the A. Datum Intranet tab, and then click Pin.
2. Close and reopen Microsoft Edge. Verify that the pinned tab still displays.
Load a webpage that requires an ActiveX control

1. In Microsoft Edge, on the A. Datum Intranet Home Page, click Current Projects. A new tab opens
with columns displayed for Project and Project Lead. No data displays.
2. Click the Settings and more button (…).
3. Click Open with Internet Explorer. The same webpage displays, but with the data extracted from
the comma-separated value (CSV) file and displayed in the appropriate columns.
4. Close Internet Explorer.
Configure settings
1. In Microsoft Edge, click Settings and more, and then click Settings.
2. In the Choose a theme list, click Dark.
3. Click View advanced settings.
4. Scroll down the list of options, and then highlight the Help protect me from malicious sites and
downloads with Windows Defender SmartScreen. Do not change the setting.
5. Click << Advanced settings.
6. Click outside the SETTINGS pane to close SETTINGS.
Download a file
1. In Microsoft Edge, on the A. Datum Intranet tab, click Download Current Projects.
2. In the banner, click Open.
3. The file opens in Microsoft Office Excel.
Note: If prompted by Office, in the Microsoft Office Activation Wizard dialog box, click
Close.
4. Close Excel.
5. Switch to Microsoft Edge.
Make a web note

1. In Microsoft Edge, on the A. Datum Intranet tab, on the menu bar, click Add notes.
2. On the webpage, draw a square.

3. Click the Highlighter tool.
4. Highlight two of the hyperlinks on the webpage.
5. Click Add a note, and then click the cursor somewhere on the webpage.
6. Type This is my note, and then on the menu, click Save Web Note.
7. Click Favorites, and then click Save.
8. Click Exit.
9. In Microsoft Edge, click Hub, and then click Favorites.
10. Click the Web Notes – A Datum Intranet link. Your web note opens.
11. Close Microsoft Edge.
Install an extension
1. Open Microsoft Edge.
2. In Microsoft Edge, click Settings and more, and then click Extensions.
3. In the Extensions window, click Get extensions from the Store.
4. In the Microsoft Store, click Translator For Microsoft Edge, and then click Get.
5. If the Add your Microsoft account to Store dialog box appears, enter the credentials for the
Microsoft account that you created in module 3.
6. If the Sign in to this device using your Microsoft account message displays, then click Skip this
step.
7. When the installation finishes, close the Microsoft Store.
8. In Microsoft Edge, click Turn it on.
9. Restart Microsoft Edge.
10. In the address bar, type http://microsoft.fr, and then press Enter.
11. In the address bar, click the Translate this page button.
12. In the dialog box that opens, click the Translate this page button.
13. Close Microsoft Edge.
Annotate a PDF file

1. In the taskbar, click the File Explorer icon.
2. Navigate to C:\Labfiles\Mod07.
3. Double-click Course 20697-1D Outline.pdf.
4. Verify that Microsoft Edge opens, displaying a .pdf file with a course outline for this course.
5. In Microsoft Edge, select some text.
6. In the panel that opens, click Highlight, and then select the green color.
7. Select some other text, in the panel click Add a note, in the text box, type PDF annotations in
Microsoft Edge, and then click the checkmark.
8. Click the Save icon.
9. Explain the different icons in the icon bar at the top.


Review Questions
Question: What does Internet Explorer 11 display when a browser detects that a website does not adhere
to HTML5 or CSS3 standards?
Answer: Internet Explorer 11 will display the webpage in compatibility mode, which enables the
browser to continue to attempt to display the webpage correctly.
Question: You are installing apps from the Microsoft Store on a tablet that has a small internal hard disk.
However, you have added a micro SD card with 64 GB of space. How can you utilize this storage for your
apps?
Answer: Windows 10 enables you to move apps to external storage by performing the following
steps: open Settings, select System, tap Apps & features. Your apps are listed. Tap each app
that you want to move, and then tap Move.
Question: You want to know which apps you have previously installed or purchased on your Windows
devices, regardless of whether they are installed on your current device. How can you access this
information in Windows 10?
Answer: You can access a list of all your apps from the Microsoft Store Settings menu by tapping
My Library, and a list of your apps displays. These apps may not be installed currently on this
device, but you have previously installed them on one of the devices associated with your
Microsoft account.

Lab A: Installing and Updating Apps from the Microsoft Store

Question: In the lab, you used a self-signed certificate for validating the source of the app that you
wanted to sideload. What is wrong with using a self-signed certificate?
Answer: When you use a self-signed certificate, you cannot verify the integrity of the software
vendor that produced the app that you are intending to install. This is not a problem if you are
testing internally developed apps, but it is a security concern if you are using third-party apps. In
production environments, only install apps from trusted sources.
Question: Why was in necessary to sign in by using a Microsoft account during the lab?
Answer: To install apps from the Microsoft Store, you must sign in with a Microsoft account. You
do not need to use a Microsoft account to access the Microsoft Store app or browse apps.
However, to download and install apps, you must use a Microsoft account.
Lab B: Configuring Windows 10 Web Browsers

Question: In the lab, you were unable to get complete functionality from the Adatum intranet website by
using Microsoft Edge. What was the reason? What was the solution?
Answer: The A. Datum intranet site uses an ActiveX control for tabulating data retrieved from a
CSV file. ActiveX controls do not work in Microsoft Edge. You were able to view the website
correctly by switching to Internet Explorer to view the appropriate page.
Managing data security 8-1
Module 8
Managing data security
Contents:
Lesson 1: Overview of data-related security threats 2
Lesson 2: Securing data with EFS 4
Lesson 3: Implementing and managing BitLocker 7

Lesson 1
Overview of data-related security threats
Contents:

Question: Your coworker lost his USB drive, which contained confidential information about a new
project. Which security feature could have prevented unauthorized users from accessing that data?
(Choose all that apply)
( ) Applying file permissions
( ) Utilizing BitLocker To Go
( ) Applying claims permissions to files and folders
( ) Applying BitLocker data protection on a laptop computer
Answer:
( ) Applying file permissions
(√) Utilizing BitLocker To Go
(√) Applying claims permissions to files and folders
( ) Applying BitLocker data protection on a laptop computer
Feedback: You could have used BitLocker To Go and claims permissions to protect the data on
the USB drive.
Lesson 2
Securing data with EFS
Contents:
Demonstration: Using EFS to secure data 5

Categorize Activity
Question: Categorize each item below
Items
1 Allows direct recovery of all encrypted data
2 Allows the recovery of EFS private keys from the CA database
3 Authorized person can recover the EFS-encrypted data for all users in the organization
4 Authorized person can recover the EFS-encrypted data only for that specific user
Category 1 Category 2
Data recovery agent Key recovery agent
Answer:
Data recovery agent Key recovery agent
Allows direct recovery of all encrypted Allows the recovery of EFS private keys from the
data CA database
Authorized person can recover the EFS- Authorized person can recover the EFS-
encrypted data for all users in the encrypted data only for that specific user
organization
What’s EFS?
Question: Why is it not possible to encrypt system files with EFS?
Answer: EFS keys are not available during the startup process. Therefore, if system files are
encrypted, the system file cannot start.
How EFS works

Question: How would you protect files in transit across your organizational network?
Answer: Implement Internet Protocol security (IPsec) to protect files transiting the network.
Demonstration: Using EFS to secure data

Demonstration Steps
2. On the taskbar, click the File Explorer icon, click This PC, and then double-click Local Disk (C:).
3. On the title bar, click the Home tab, and then click the New Folder icon. Name the new folder
SecretAbbi.
4. Click Start, and then type control panel. In the Best match list, click Control Panel.
5. Click the View by dropdown list, and then select Large icons.
6. Click File Explorer Options.
7. In the File Explorer Options window, click the View tab.
8. In the Advanced settings list, select the Show encrypted or compressed NTFS files in color check
box.
9. Click OK.
10. Close Control Panel.
11. Right-click the SecretAbbi folder, and then click Properties.
12. Click Advanced.
13. On the Advanced Attributes dialog box, select the Encrypt contents to secure data check box.
14. Click OK twice.
15. Verify that the SecretAbbi folder is now green.
16. Open the SecretAbbi folder.
17. In the blank area, right-click, click New, and then click Text Document.
18. Name the new file Secrets.
19. Double-click the file to open the file, and then enter the following text:
This is a secret file.
20. Close the file. When prompted, click Save.
21. Sign out from LON-CL1.
22. Sign in to LON-CL1 as ADATUM\Bill with the password Pa55w.rd.
23. On the taskbar, click the File Explorer icon.
24. Click This PC, and then double-click Local Disk (C:).
25. Open the SecretAbbi folder.
26. Double-click Secrets.
27. Verify that access is denied, and then click OK.
28. Sign out from LON-CL1.

Lesson 3
Implementing and managing BitLocker
Contents:
Resources 9
Demonstration: Configuring and using BitLocker 9

Categorize Activity
Question: Categorize each item below.
Items
1 Encrypts the entire operating-system volume, including Windows system files and the
hibernation file
2 Encrypts files
3 Does not require user certificates
4 Requires user certificates
5 Protects the operating system from modification
6 Does not protect the operating system from modification
BitLocker EFS
Answer:
BitLocker EFS
Encrypts the entire operating-system Encrypts files

volume, including Windows system files Requires user certificates
and the hibernation file
Does not protect the operating system from
Does not require user certificates modification
Protects the operating system from
modification
BitLocker modes
Question: What is a disadvantage of running BitLocker on a computer that does not have TPM 1.2?
Answer: Computers without TPMs will not be able to use the system-integrity verification during
startup that BitLocker can provide.
Using Group Policy settings to configure BitLocker

Question: How can you use Microsoft BitLocker Administration and Monitoring 2.5 SP1 to reduce the
time that the help desk spends recovering a BitLocker unlock key for a remote user?
Answer: Administrators can enable the Microsoft BitLocker Administration and Monitoring 2.5
SP1 Self-Service Portal to allow users to recover a BitLocker recovery password without having to
call their organization’s help desk.
Recovering BitLocker-encrypted drives

Question: What is the difference between the recovery key and the password ID?
Answer: The recovery key is a 48-digit password that unlocks a system in recovery mode. The
recovery key is unique to a particular BitLocker encryption, and you can store it in AD DS. A
computer's password ID is a 32-character password that is unique to a computer name. You can
find the password ID under a computer's properties, which you can use to locate recovery keys
that are stored in AD DS.
Resources
Microsoft BitLocker Administration and Monitoring
Additional Reading: For more information, refer to Microsoft BitLocker Administration

and Monitoring 2.5: http://aka.ms/n3mqgm
Demonstration: Configuring and using BitLocker

Demonstration Steps
1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.
2. In the search box on the taskbar, type gpedit.msc, and then press Enter.
3. In the Local Group Policy Editor, under Computer Configuration, expand Administrative
Templates, expand Windows Components, and then expand BitLocker Drive Encryption.
4. Click Operating System Drives, and then double-click Require additional authentication at
startup.
5. In the Require additional authentication at startup dialog box, click Enabled, and then click OK.
6. Close the Local Group Policy Editor.
8. On LON-CL1, click Start, and then type bitlocker.
9. Click Manage BitLocker.
10. Click Allfiles (E:) BitLocker Off, and then click Turn on BitLocker.
11. In the BitLocker Drive Encryption (E:) dialog box, click Use a password to unlock the drive.
12. In the Enter your password and Reenter your password boxes, type Pa55w.rd, and then click
Next.
13. On the How do you want to back up your recovery key? page, click Save to a file.
14. In the Save BitLocker recovery key as dialog box, click Local Disk (C:).
15. On the File Explorer toolbar, click New folder, type BitLocker, and then press Enter.
16. In the Save BitLocker recovery key as dialog box, click Open, click Save, click Yes, and then click
Next.
17. On the Choose which encryption mode to use page, ensure that New encryption mode (best for
fixed drives on this device) is selected and then click Next.
18. On the BitLocker Drive Encryption (E:) page, click Start encrypting, and then click Close.
19. Restart LON-CL1.
22. In the navigation pane, click This PC.
23. Right-click Local Disk (E:), click Unlock drive.
24. Enter the password Pa55w.rd, press Enter to unlock the drive, and then verify access to the drive
contents.


Review Question
Question: What are some limitations of EFS?
Answer: Answers could include that you cannot encrypt files for groups and files do not remain
encrypted when sent via email.

Lab: Managing data security

Question: Why is EFS a better solution than BitLocker for protecting Abbi’s files?
Answer: EFS encrypts files specifically so that they are accessible only to Abbi. BitLocker encrypts
a volume that, once unlocked, is accessible to any user of the computer.
Question: How could Abbi provide Bill with access to a single EFS-encrypted file without making the file
accessible to other users of the computer?
Answer: Abbi could add Bill’s public EFS key to the file. This would allow Bill to access the
encrypted file’s contents without granting access to other users.
Managing Device Security 9-1
Module 9
Managing Device Security
Contents:
Lesson 1: Using Security Settings to Mitigate Threats 2
Lesson 2: Configuring UAC 6
Lesson 3: Configuring Application Restrictions 10

Lesson 1
Using Security Settings to Mitigate Threats
Contents:
Resources 3
Demonstration: Using GPOs to Configure Security Settings 3

Question: Which of the following options best describes the Policy Analyzer tool of Security Compliance
Toolkit?
( ) You can use it to analyze a GPO against incorrectly configured security settings.
( ) You can use it to deploy your configurations to computers that are not domain-joined.
( ) You can use it to compare your existing configuration against the security baselines from Microsoft.
( ) You can use it to import your existing GPO settings for reuse and deployment.
Answer:
( ) You can use it to analyze a GPO against incorrectly configured security settings.
( ) You can use it to deploy your configurations to computers that are not domain-joined.
(√) You can use it to compare your existing configuration against the security baselines from
Microsoft.
( ) You can use it to import your existing GPO settings for reuse and deployment.
Feedback: The Policy Analyzer tool of Security Compliance Toolkit enables you to compare your
existing configuration against the security baselines from Microsoft.
Question: After implementing a set of Windows Defender Exploit Guard mitigations to protect
applications, you should perform extensive testing to ensure that those mitigations do not affect
application functionality adversely.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You should perform extensive testing before implementing a set of Windows
Defender Exploit Guard mitigations to protect applications. The tool can cause compatibility
issues with some applications by enabling mitigations that stop them from functioning correctly.
You can restore application functionality by disabling specific mitigations.
Resources
Windows Defender Exploit Guard
Additional Reading: To learn more about Windows Defender Exploit Guard, refer to
“Windows Defender Exploit Guard” at https://aka.ms/R0p224.
Demonstration: Using GPOs to Configure Security Settings

Demonstration Steps
1. Sign in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. On the Tools menu of the Server Manager Console, click Group Policy Management.
3. In the Group Policy Management Console, expand Forest:Adatum.com\Domains\Adatum.com,

and then click the Group Policy Objects node.
4. In the content pane, right-click the Default Domain Policy GPO, and then click Edit.
5. In the Group Policy Management Editor, expand the Computer Configuration\Policies\Windows

Settings\Security Settings\Account Policies node, and then click Password Policy.
6. In the list of policies, double-click the Minimum Password Length policy.
7. In the Minimum password length Properties window, set the Password must be at least value to
12 characters, and then click OK.
8. In the console tree, click the Account Lockout Policy node.
9. Double-click the Account Lockout Duration policy.
10. In the Account Lockout Duration Properties dialog box, click Define This Policy Setting, and then
set the Account Is Locked Out For value to 20 minutes. Click OK.
11. In the Suggested Value Changes dialog box, click OK.
12. Double-click the Account Lockout Threshold policy.
13. In the Account Lockout Threshold Properties dialog box, set the Account Will Lock Out After
settings to 2 invalid logon attempts, and then click OK.
14. Close the Group Policy Management Editor.
15. Close the Group Policy Management Console.
16. On the Tools menu of the Server Manager Console, click Active Directory Users and Computers.
17. Expand the Adatum.com node, and then click the IT organizational unit (OU).
18. Right-click the Abbi Skinner user account, and then click Properties.
19. In the Abbi Skinner Properties dialog box, click the Account tab.
20. In the list of Account Options, deselect the Password Never Expires option, and then select the User
Must Change Password at Next Logon option. Click OK.
21. On LON-DC1, right-click Start, and then click Windows PowerShell.
22. In the Administrator: Windows PowerShell window, type the following command, and then press
Enter:
Invoke-Gpupdate -force
24. When the message appears that indicates that the user’s password has expired and must be changed
before signing in, click OK.
25. In the New Password box and the Confirm Password box, type Pa55w.rd12, and then press Enter.
26. Review the message that appears that indicates that your new password does not meet the length,
complexity, or history requirements of the domain and click OK. Type the current password as
Pa55w.rd.
27. In the New Password box and the Confirm Password box, type Pa55w.rd1234, and then press
Enter.
28. When a message indicates that the password has been changed, click OK.
29. After signing in, right-click Start, and then click Windows PowerShell.
30. At the Windows PowerShell prompt, type the following, and then press Enter:
Gpupdate /force
31. Click Start, click Abbi Skinner, and then click Sign out.
32. Attempt to sign in to LON-CL1 as Adatum\Abbi with the incorrect password Potato.
33. When a message indicates that the password is incorrect, click OK.
34. Attempt again to sign in to LON-CL1 as Adatum\Abbi with the incorrect password Potato.
35. When a message indicates that the password is incorrect, click OK.
36. Attempt again to sign in to LON-CL1 as Adatum\Abbi with the incorrect password Potato.
37. When a message indicates that the referenced account is locked out and that you cannot sign in, click
OK.
Lesson 2
Configuring UAC
Contents:
Demonstration: Configuring UAC 8

Categorize Activity
Question: Categorize each item into the appropriate category. Indicate your answer by writing the
Items
1 Change the desktop background for the current user
2 Install a driver for a device, such as a digital camera driver
3 Install updates from Windows Update
4 Configure accessibility options
5 Configure Automatic Updates
6 Install drivers from Windows Update or those that are included with the operating system
7 Use Remote Desktop to connect to another computer
8 Configure Remote Desktop access
9 View Windows settings
10 Establish and configure a wireless connection
11 Open Windows Defender Firewall in Control Panel
12 Pair Bluetooth devices with the computer
13 Configure battery power options
14 Schedule Automated Tasks
15 Reset the network adapter
16 Restore a user’s backup files
17 Restore system backup files
18 Perform network repair tasks
Tasks a Standard User Can Tasks That Require Elevation Tasks that the default
Perform to an Administrator Account UAC setting allows a
standard user to perform
without receiving a UAC
prompt
Answer:
Tasks a Standard User Can Tasks That Require Tasks that the default UAC
Perform Elevation to an setting allows a standard
Administrator Account user to perform without
receiving a UAC prompt
Change the desktop Install a driver for a device, Install updates from
background for the current such as a digital camera Windows Update
user driver Install drivers from Windows
Configure accessibility Configure Automatic Update or those that are
options Updates included with the operating
Use Remote Desktop to Configure Remote Desktop system
connect to another access View Windows settings
computer Open Windows Defender Pair Bluetooth devices with
Establish and configure a Firewall in Control Panel the computer
wireless connection Schedule Automated Tasks Reset the network adapter
Configure battery power Restore system backup Perform network repair tasks
options files
Restore a user’s backup files
Question: Which of the following is the default setting for the UAC elevation prompt?
( ) Never notify me
( ) Notify me only when apps try to make changes to my computer (do not dim my desktop)
( ) Notify me only when apps try to make changes to my computer (default)
( ) Always notify me
Answer:
( ) Never notify me
( ) Notify me only when apps try to make changes to my computer (do not dim my desktop)
(√) Notify me only when apps try to make changes to my computer (default)
( ) Always notify me
Feedback: The default User Account Control setting is Notify me only when apps try to make
changes to my computer (default). When you configure this setting, UAC notifies a user when
apps attempt to make changes to computer settings.
Demonstration: Configuring UAC

Demonstration Steps
View the current UAC settings
2. In the Ask me anything box on the taskbar, type gpedit.msc, and then press Enter.
3. In the Local Group Policy Editor, expand Computer Configuration, expand Windows Settings,
expand Security Settings, expand Local Policies, and then click Security Options.
Configure the UAC settings

1. In the results pane, double-click User Account Control: Behavior of the elevation prompt for
standard users.
2. In the User Account Control: Behavior of the elevation prompt for standard users dialog box,
click the Prompt for credentials drop down list, select Automatically deny elevation requests, and
then click OK.
4. Sign out.
Test the UAC settings

1. Sign in to LON-CL1 as Adatum\Holly with the password Pa55w.rd.
3. In the Group Policy Error dialog box, click Close.
4. Verify that the Local Group Policy Editor snap-in does not open correctly.
5. Sign out.
Reconfigure the UAC settings

expand Security Settings, expand Local Policies, and then click Security Options.
4. In the results pane, double-click User Account Control: Behavior of the elevation prompt for
standard users.
5. In the User Account Control: Behavior of the elevation prompt for standard users dialog box,
click the Automatically deny elevation requests drop down list, select Prompt for credentials, and
then click OK.
7. Sign out.
Test the UAC settings

1. Sign in to LON-CL1 as Adatum\Holly with the password Pa55w.rd.
3. The Windows operating system displays the User Account Control prompt.
4. In the User Account Control dialog box, type Administrator in the User name box, type Pa55w.rd
in the Password box, and then click Yes.
5. Close the Administrator: Windows PowerShell window.
6. Sign out.
7. On the host computer, start Hyper-V Manager.
8. In the Virtual Machines list, right-click 20697-1D-LON-DC1, and then click Revert.
10. Repeat steps 8 and 9 for 20697-1D-LON-CL1.

Lesson 3
Configuring Application Restrictions
Contents:
Demonstration: Configuring AppLocker Rules 11
Demonstration: Enforcing AppLocker Rules 11

Question: What are some of the drawbacks of enforcing a more rigorous account lockout policy?
Answer: Some of the drawbacks of enforcing a more rigorous account lockout policy are:
• Legitimate users are more likely to lock themselves out of their accounts.
• There may be a rise in calls to the service desk to resolve account lockout issues.
Demonstration: Configuring AppLocker Rules

Demonstration Steps
Create a custom AppLocker rule
expand Security Settings, expand Application Control Policies, and then double-click AppLocker.
4. Click and then right-click Executable Rules.
5. Click Create New Rule to open the Create Executable Rules Wizard, and then click Next.
6. On the Permissions page, click Deny, and then click Select.
7. In the Select User or Group dialog box, in the Enter the object name to select (examples) box,
type Marketing, click Check Names, click OK, and then click Next.
8. On the Conditions page, click Path, and then click Next.
9. Click Browse Files, in the File name box, type C:\Windows\Regedit.exe, and then click Open.
10. Click Next twice, and then click Create.
11. Click Yes when prompted to create default rules.
Automatically generate the script rules

1. Click and then right-click Script Rules.
2. Click the Automatically Generate Rules option.
3. In the Automatically Generate Script Rules Wizard, on the Folder and Permissions page, click Next.
4. Click Next again, and then click Create.
5. Click Yes when prompted to create default rules.
Create the default packaged app rules

1. Click and then right-click Packaged app Rules.
2. Click the Create Default Rules option.
Demonstration: Enforcing AppLocker Rules

Demonstration Steps
Enforce AppLocker rules
1. On LON-CL1 in the Ask me anything box on the taskbar, type gpedit.msc, and then press Enter.
expand Security Settings, expand Application Control Policies, and then double-click AppLocker.
3. In the Local Group Policy Editor, right-click AppLocker, and then click Properties.
4. On the Enforcement tab, under Executable rules, select the Configured check box, and then click
Enforce rules from the drop-down list.
5. On the Enforcement tab, under Script rules, click the Configured check box, click Audit only from
the drop-down list, and then click OK.
Confirm the executable rule enforcement

1. On the taskbar, in the Ask me anything box, type gpupdate /force, and then press Enter. Wait for
the policy to update.
2. Right-click Start, and then click Computer Management.
3. Expand Event Viewer, expand Windows Logs, and then click System.
4. In the results pane, locate and click the latest event with Event ID 1502.
5. Review event message details under the General tab.
6. Expand Services and Applications, and then click Services.
7. Right-click the Application Identity service in the main window pane, and then click Start.
Test the executable rule enforcement

1. Sign in as Adatum\Bill with the password Pa55w.rd.
2. Click Close.
3. Right-click Start, and then click Run.
4. In the Run dialog box, type cmd, and then press Enter.
5. At the command prompt, type Regedit.exe, and then press Enter.
Note: You will be unable to run Regedit.exe because of the Group Policy configuration.
6. Close the Command Prompt window.
7. Sign in as Adatum\Administrator with password Pa55w.rd.
8. Right-click Start, and then click Event Viewer.
9. In Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows,
expand AppLocker, and then click EXE and DLL.
10. Review the entries in the results pane. Locate Event ID 8004. This shows Bill’s attempt to run
Regedit.exe.
11. Close Event Viewer.


Review Question
Question: When you implement UAC, what happens to standard users and administrative users when
they perform a task that requires administrative permissions?
Answer: For standard users, UAC prompts the user for the credentials of a user with
administrative permissions. For administrative users, UAC prompts the user for permission to
complete the task.

Lab: Managing Device Security

Question: How can you suppress UAC notifications?
Answer: You can use UAC settings in the Action Center to turn off UAC, so that you never
receive notifications about changes to your computer.
Managing Network Security 10-1
Module 10
Managing Network Security
Contents:
Lesson 2: Windows Defender Firewall 2
Lesson 3: Connection security rules 5
Lesson 4: Windows Defender Antivirus 9

Lesson 2
Windows Defender Firewall
Contents:
Demonstration: Configuring inbound and outbound firewall rules 3

Question: You need to open a firewall port to allow Lightweight Directory Access Protocol (LDAP) traffic.
Which port would you open to accomplish this task?
( ) 143
( ) 389
( ) 443
( ) 161
Answer:
( ) 143
(√) 389
( ) 443
( ) 161
Feedback: LDAP uses Port 389.
Demonstration: Configuring inbound and outbound firewall rules

Demonstration Steps
Test Remote Desktop connectivity

2. In the taskbar, in the Ask me anything box, type mstsc, and then select Remote Desktop
Connection.
3. In the Remote Desktop Connection window, in the Computer box, type LON-CL1, and then press
Enter.
4. In the Windows Security dialog box, sign in to LON-CL1 as Adatum\Administrator with the
password Pa55w.rd.
5. Open Start on LON-CL1, click Administrator, and then click Sign out.
Configure an inbound rule

1. Switch to LON-CL1 and sign in as Adatum\Administrator with the password Pa55w.rd.
2. In the taskbar, in the Ask me anything box, type control panel, and then press Enter.
3. Click System and Security, and then click Windows Defender Firewall.
4. In the navigation pane, click Advanced settings, click and then right-click Inbound Rules, and then
click New Rule.
5. In the New Inbound Rule Wizard window, select Predefined, click the drop-down list, click Remote
Desktop, and then click Next.
6. On the Predefined Rules page, select all available rules, and then click Next.
7. On the Action page, select Block the connection, and then click Finish.
8. Minimize the Windows Defender Firewall with Advanced Security window.
Test the inbound rule

Connection.
3. In the Remote Desktop Connection window, in the Computer box, type LON-CL1, and then press
Enter.
4. Verify that the connection attempt fails, and then click OK.
Test outbound Remote Desktop connectivity

Connection.
3. In the Remote Desktop Connection window, in the Computer box, type LON-DC1, and then press
Enter.
4. Sign in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
5. Open Start on LON-DC1, click Administrator, and then click Sign out.
Configure an outbound rule

1. On LON-CL1, on the taskbar, click the Windows Defender Firewall with Advanced Security
window, and then click Outbound Rules.
2. In the Actions pane, click New Rule.
3. On the Rule Type page, verify that you are creating a Program rule, and then click Next.
4. On the Program page, click This program path, type C:\Windows\System32\mstsc.exe, and then
click Next.
5. On the Action page, verify that the action is Block the Connection, and then click Next.
6. On the Profile page, verify that all profiles are selected, and then click Next.
7. On the Name page, type Block Outbound RDP to LON-DC1 in the Name text box, and then click
Finish.
8. In the Windows Advanced Firewall with Advanced Security window, click the Block Outbound RDP
to LON-DC1 rule, and then in the Actions pane, click Properties.
9. Click the Scope tab, and then under the Remote IP address heading, select the These IP addresses
option.
10. Under the Remote IP address heading, click Add, in the This IP address or subnet box, type
172.16.0.10, and then click OK.
11. In the Block Outbound RDP to LON-DC1 Properties dialog box, click OK.
Test outbound Remote Desktop connectivity

1. On LON-CL1, in the taskbar, in the Ask me anything box, type mstsc, and then select Remote
Desktop Connection.
2. In the Remote Desktop Connection window, in the Computer box, type LON-DC1, and then press
Enter.
3. In the Remote Desktop Connection dialog box, click OK.

Lesson 3
Connection security rules
Contents:
Demonstration: Creating and configuring connection security rules 6

Question: Which of the following authentication options allows you to use a preshared key when
configuring a connection security rule?
( ) Computer and User (Kerberos V5)
( ) Computer (Kerberos V5)
( ) User (Kerberos V5)
( ) Computer Certificate
( ) Advanced
Answer:
( ) Computer and User (Kerberos V5)
( ) Computer (Kerberos V5)
( ) User (Kerberos V5)
( ) Computer Certificate
(√) Advanced
Feedback: Only the Advanced option allows the use of a preshared key.
Demonstration: Creating and configuring connection security rules

Demonstration Steps
2. Right-click Start, and then select Windows PowerShell.
3. In the Administrator: Windows PowerShell window, type ping LON-CL1, and then press Enter.
4. Verify that the ping generated four “Reply from 172.16.0.40: bytes=32 time=xms TTL=128” messages.
Please note, the times that the message lists may vary.
5. In the Administrator: Windows PowerShell window, type control, and then press Enter.
7. In the navigation pane, click Advanced settings.
8. In the navigation pane, expand Monitoring, and then expand Security Associations.
9. Click Main Mode, and then examine the information in the center pane. No information should be
present.
10. Click Quick Mode, and then examine the information in the center pane. No information should be
present.
13. To examine the Main Mode SAs, at the Windows PowerShell prompt, type the following command,
and then press Enter:
Get-NetIPsecMainModeSA
14. To examine the Quick Mode SAs, at the command prompt, type the following command, and then
press Enter:
Get-NetIPsecQuickModeSA
15. Running each command should produce no result.
16. On LON-CL1, in the Administrator: Windows PowerShell window, type control, and then press Enter.
18. In the navigation pane, click Advanced settings, and then click Connection Security Rules.
20. On the Rule Type page, verify that Isolation is selected, and then click Next.
21. On the Requirements page, select Require authentication for inbound connections and request
authentication for outbound connections, and then click Next.
22. On the Authentication Method page, select Computer and user (Kerberos V5), and then click
Next.
23. On the Profile page, click Next.
24. On the Name page, in the Name text box, type Authenticate all inbound connections, and then
click Finish.
25. Close the Windows Defender Firewall with Advanced Security window.
27. In Windows Defender Firewall with Advanced Security, in the navigation pane, click Connection
Security Rules.
29. On the Rule Type page, verify that Isolation is selected, and then click Next.
30. On the Requirements page, select Require authentication for inbound connections and request
authentication for outbound connections, and then click Next.
31. On the Authentication Method page, select Computer and user (Kerberos V5), and then click
Next.
32. On the Profile page, click Next.
33. On the Name page, in the Name text box, type Authenticate all inbound connections, and then
click Finish.
34. In the Administrator: Windows PowerShell window, type ping LON-CL1, and then press Enter.
35. Verify that the ping generated four “Reply from 172.16.0.40: bytes=32 time=xms TTL=128” messages.
Please note, the times that the message lists may vary.
36. In the Windows Defender Firewall with Advanced Security window, in the navigation pane, click Main
Mode, and then examine the information in the center pane.
37. Click Quick Mode, and then examine the information in the center pane.
40. To examine the Main Mode SAs, type the following command in the Administrator: Windows
PowerShell window, and then press Enter:
Get-NetIPsecMainModeSA
41. Review the result.
42. To examine the Quick Mode SAs, at the command prompt, type the following command, and then
press Enter:
Get-NetIPsecQuickModeSA
43. Review the result.

Lesson 4
Windows Defender Antivirus
Contents:
Demonstration: Using Windows Defender Antivirus 10
Demonstration: Using Windows Defender Antivirus

Demonstration Steps
2. Click Start, and then select Settings.
3. In the Settings app, open Update & Security, and then open the Windows Defender tab.
4. Click Open Windows Defender Security Center.
5. In Windows Defender Security Center, select Virus & threat protection.
6. On the Virus & threat protection page, select Quick scan.
7. Review the results.
8. Close Windows Defender Security Center.
9. Open File Explorer, and then browse to E:\Labfiles\Mod10.
10. In the Mod10 folder, open sample.txt in Notepad. The sample.txt file contains a text string to test
malware detection.
11. In the sample.txt file, delete both instances of <remove>, including the brackets and any extra lines
or blank spaces.
12. Save and close the file. Immediately, Windows Defender detects a potential threat.
13. Windows Defender then removes sample.txt from the Malware folder.
14. In the notification area, click Notifications, and then in the Action Center, select the notification that
states that Windows Defender Antivirus found a threat.
15. Windows Defender Security Center opens on the Scan history page.
16. Select the down arrow next to Virus:DOS/EICAR_Test_File, and then select Remove.
17. In the Windows Defender Security Center, on the Virus & threat protection settings page, review
the following settings:
o Real-time protection
o Cloud-delivered protection
o Automatic sample submission
o Exclusions
o Controlled folder access
o Notifications
18. In the taskbar, in the Ask me anything box, type gpedit.msc, and then press Enter.
19. Expand Computer Configuration, expand Administrative Templates, expand Windows

Components, and then click Windows Defender Antivirus.
20. Review the Group Policy items present, and explain how you can use Group Policy to configure
Windows Defender settings.


Review Question
Question: Why is it important to have a firewall on the host and a firewall on the perimeter network?
Answer: Answers will vary, but the main reason is that having multiple firewalls provides stronger
defense-in-depth, as compared to a single firewall on a perimeter network or just on the host.

Lab: Managing network security

Question: In what way does a connection security rule protect network traffic?
Answer: Connection security rules protect network traffic from interception and modification by
malicious users.
Question: You want to block users from utilizing an application on computers that use a specific port to
connect to an internet server. What type of rule should you configure?
Answer: You should configure an outbound rule to block the application from sending traffic on
that port.
Troubleshooting and recovery 11-1
Module 11
Troubleshooting and recovery
Contents:
Lesson 1: Managing devices and drivers 2
Lesson 2: Recovering files 6
Lesson 3: Recovering Devices 12

Lesson 1
Managing devices and drivers
Contents:
Demonstration: Managing device drivers 4

Question: From which tool or tools can you perform a driver rollback operation for printers?
( ) Device Manager
( ) Devices and printers
( ) Devices in Windows 10 Settings
( ) None of the above
Answer:
( ) Device Manager
( ) Devices and printers
( ) Devices in Windows 10 Settings
(√) None of the above
Feedback: You cannot perform driver rollback for printers (print queues).
Question: Which command or Windows PowerShell cmdlet can you use to install a driver package in the
driver store of a Windows 10–based computer running in normal mode?
( ) Msconfig.exe
( ) Driverquery.exe
( ) Pnputil.exe
( ) Add-WindowsDriver
( ) Get-SystemDriver
Answer:
( ) Msconfig.exe
( ) Driverquery.exe
(√) Pnputil.exe
( ) Add-WindowsDriver
( ) Get-SystemDriver
Feedback: To install a driver package in the driver store of a Windows 10–based computer
running in normal mode, you can use the pnputil.exe command. Add-WindowsDriver adds a
driver to an offline Windows image, not to a Windows 10–based computer running in normal
mode.
Question: You can disable the DVD-ROM drive on a remote Windows 10–based computer by using
Device Manager.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You cannot use Device Manager to manage devices on a remote Windows 10–based
computer. Device Manager can manage only devices connected to a local computer.
What is a device driver?

Question: Can you use a 32-bit device driver with the 64-bit versions of Windows 10?
Answer: No. Device drivers are version-specific. Therefore, you cannot use a device driver meant
for a 32-bit version of Windows 10 with a 64-bit version of Windows 10.
Question: Can you use an unsigned device driver with a 32-bit version of Windows 10?
Answer: Windows 10 includes only digitally signed device drivers. Microsoft recommends the use
of digitally signed device drivers only. If you try to install an unsigned device driver into the 32-
bit version of Windows 10, you will receive a security warning. However, you can decide to install
and use unsigned device drivers anyway.
Question: What is the difference between a driver and a driver package?
Answer: A driver package contains a driver and additional files, such as the .cat file, which is the
driver’s digital signature, and the .inf file, which has driver metadata.
Using Device Manager

Question: Can you use Device Manager to manage devices on a remote Windows 10–based computer?
Answer: No. You can only use Device Manager to manage devices on a local computer. If you try
to connect Device Manager to a remote computer, you will get the Access is denied error
message.
Question: How does Devices and Printers display a multifunction device that you connect to a Windows
10–based computer differently than Device Manager?
Answer: Devices and Printers displays a connected multifunction device as a single device.
Device Manager displays each device functionality separately. For example, Device Manager
displays a web camera as an audio input and output device, an imaging device, and a sound,
video and game controller device.
Driver Roll Back

Question: Why is the Roll Back Driver option unavailable for some devices?
Answer: The Roll Back Driver option reverts the device driver to the previously used device
driver. If the device is using the first and only version of the device driver, the Roll Back Driver
option is unavailable for that device.
Question: Can you roll back device drivers for printers in Device Manager?
Answer: No, Device Manager does not provide an option to roll back device drivers for printers
(print queues). This is because you manage Printers in Devices and Printers, not in Device
Manager.
Demonstration: Managing device drivers

Demonstration Steps
1. In LON-CL1, on the taskbar, right-click the Start icon, and then click Device Manager.
2. In Device Manager, expand Keyboards, right-click Standard PS/2 Keyboard, and then click
Properties.
3. In the Standard PS/2 Keyboard Properties dialog box, click the Driver tab.
Note: The Roll Back Driver button is not available.
4. Click Update Driver.
5. In the Update Drivers – Standard PS/2 Keyboard dialog box, click Browse my computer for
driver software.
6. On the Browse for drivers on your computer page, click Let me pick from a list of available
drivers on my computer.
7. On the Select the device driver you want to install for this hardware page, in the Show
compatible hardware list, click PC/AT Enhanced PS/2 Keyboard (101/102 Key), click Next, and
then click Close.
8. In the PC/AT Enhanced PS/2 Keyboard (101/102 Key) Properties dialog box, click Roll Back
Driver, select Previous version of the driver had more features, and then click Yes.
Note: Emphasize that after the rollback operation, the dialog box is now called Standard
PS/2 Keyboard Properties, and the Roll Back Driver is not available. This is because driver
rollback can go back by only one version.
9. Click Close, click No, and then close Device Manager.
11. In File Explorer, in the navigation pane, expand This PC, expand Local Disk (C:), expand Windows,
expand System32, expand DriverStore, and then click FileRepository.
12. In the details pane, click the Date modified column, and note that the highest folder was created
most recently.
13. Right-click the Start icon, and then click Windows PowerShell (Admin).
14. At the Windows PowerShell prompt, type the following command, and then press Enter:
pnputil /add-driver E:\Labfiles\Mod11\dc3dh\*.inf
15. In File Explorer, in the details pane, point out that the top folder was created when you installed the
driver package, and that its name starts with dc3dh, as did the name of the .inf file. Double-click the
folder and point out that it contains driver package files.
16. Close File Explorer and the Windows PowerShell prompt.

Lesson 2
Recovering files
Contents:
Demonstration: Using File History to recover files 9
Demonstration: Using Previous Versions to recover files 10

Question: Which location can File History use to store backup data?
( ) C:\
( ) D:\Backup
( ) \\172.16.10.256\Share1
( ) E:\
( ) https://azure.microsoft.com/backup
Answer:
( ) C:\
( ) D:\Backup
( ) \\172.16.10.256\Share1
(√) E:\
( ) https://azure.microsoft.com/backup
Feedback: File History cannot store backups on the volume on which the operating system is
installed. You also cannot create backups in the subfolders, or use the HTTPS protocol to connect
to the shared folder on the network on which backup will be performed. 172.17.10.256 is not a
valid IP address. The only correct option is to use root of the local drive, which could be E:\.
Question: You can use the Backup and Restore (Windows 7) tool to back up data that an ReFS volume is
storing.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: By using the Backup and Restore (Windows 7) tool, you can only back up data that a
NTFS volume is storing. You cannot use it to back up data that is on FAT, FAT32, exFAT, or ReFS
volumes.
Question: You can use the Previous Versions feature only with files that NTFS volumes are storing.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You can use the Previous Versions feature with any file, regardless of the file system
on the volume that is storing it. However, if the file system is not NTFS, Previous Versions can
come only from File History.
File Recovery methods in Windows 10

Question: Does Windows 10 include a backup tool?
Answer: Yes, Windows 10 includes two backup tools:
• Wbadmin.exe, which is a backup command-line tool.
• Backup and Restore (Windows 7), which you can use to schedule backups of individual
folders, users’ libraries, and a complete Windows 10–based computer.
Question: What is the simplest way to recover a locally stored document that a user accidentally deleted
in Windows 10?
Answer: After you set it up, File History is the easiest and most user-friendly way to restore
previous versions of files.
File History
Question: Is File History turned on by default?
Answer: No. Before you can use File History, you must configure it with a local drive, a
removable drive, or a network location, and then turn on File History.
Question: Can you protect additional folders by using File History?
Answer: Yes. You can add additional folders to one of the libraries that File History is protecting.
Alternatively, you can use the Backup option in the Recovery section in the Settings app. When
you do so, File History also protects the folders you add.
Backup and Restore (Windows 7)

Question: Can you use the Backup and Restore (Windows 7) tool to back up a single file automatically in
a folder with multiple documents?
Answer: You can use the Backup and Restore (Windows 7) tool to perform automatic backups,
but you can only define which folders to include in the backup, not individual files.
Question: How can you modify the default backup schedule for the Backup and Restore (Windows 7)
tool, which performs a backup every Sunday at 7 PM, by default?
Answer: You can use the Backup and Restore (Windows 7) item in Control Panel to configure a
simple backup schedule. However, by editing the triggers property for the AutomaticBackup task
in Task Scheduler, you can be more specific. For example, you can specify a backup schedule of
multiple times per day, or you can provide the precise time to run a backup.
Previous Versions
Question: What must you configure if you want the Previous Versions tab in File Explorer to list previous
versions of files?
Answer: Previous versions of the files come from File History or from restore points. If you want
the Previous Versions tab in File Explorer to list previous versions of files, you must protect
those files by using File History or including them in the backup that the Backup and Restore
(Windows 7) tool creates.
Question: When will the Previous Versions tab include the previous versions of a file that the Backup
and Restore (Windows 7) tool is backing up?
Answer: As soon as the Backup and Restore (Windows 7) tool creates a backup, the previous
version will be available on the Previous Versions tab. The same is true if File History is
protecting the file. When File History runs, previous versions of the file become available on the
Previous Versions tab.
Demonstration: Using File History to recover files

Demonstration Steps
1. In LON-CL1, on the taskbar, click File Explorer.
2. In File Explorer, in the navigation pane, expand This PC, and then click Documents.
3. In the details pane, right-click an empty space, point to New, and then click Text Document.
4. Name the new text document Report.
5. Double-click Report.txt, and then in Notepad, type This is a report.
6. Close Notepad and click Save to save the changes.
7. On the taskbar, in the Ask me anything box, type file history, and then click Restore your files
with File History.
8. In the Home – File History window, click Configure File History settings.
9. In the File History dialog box, in the navigation pane, click Select drive.
10. In the Select Drive dialog box, click Add network location, in the Folder box, type \\LON-
DC1\Backup2, click Select Folder, and then click OK.
11. In the File History dialog box, in the details pane, click Turn on. In the navigation pane, click
Advanced settings. Point out the default values, and then click Cancel.
12. In File Explorer, in the navigation pane, click Documents, right-click Report.txt, and then click
Delete.
13. In File Explorer, click the Home tab, and then click History.
14. In the Documents – File History window, right-click Report.txt, and then click Preview.
Note: Point out that you can see the text that you typed earlier.
15. Click the round button with the arrow to restore the file to the original location.
16. File Explorer opens. Point out that the Report.txt file has been recovered. Double-click Report.txt,
point out that it has the content that you typed earlier, close Notepad, and then close File Explorer.
17. In the Report.txt – File History window, on the left of the address box, click the upward-pointing
arrow twice.
Note: Point out the folders and libraries that File History is protecting, and verify that the
Data folder is currently not among the protected folders.
18. Close the Home – File History window.
19. In File Explorer, in the navigation pane, expand Local Disk (C:), and then click Data.
20. In the details pane, right-click Sales.txt, click Properties, and then click the Previous Versions tab.
Note: Point out that there are no previous versions available.
21. Click OK, and then on the taskbar, in the Ask me anything box, type file history, and then click
Backup settings.
22. In Settings, in the Back up using File History section, click More options.
23. In the Backup options window, in the Back up these folders section, click Add a folder.
24. In the Folder box, type C:\Data, and then click Choose this folder.
Note: Point out that the C:\Data folder is added. Show and discuss other settings, such as
backup frequency, how long to keep files, and which folders are excluded.
25. Close the Settings window.
26. In the File History window, click Run now.
27. In File Explorer, in the details pane, right-click Sales.txt, click Properties, and then click the Previous
Versions tab.
Note: Point out that there is now one previous version available, which was created when
you ran File History.
28. Click OK. In File Explorer, click the Home tab, and then click History.
29. In the Sales.txt – File History window, on the left of the address box, click the upward-pointing
arrow until the window title changes to Home – File History.
Note: Point out that the Data folder is now among the folders and libraries that File History
is protecting.
30. Close the Home – File History and File History windows.
Demonstration: Using Previous Versions to recover files

Demonstration Steps
1. In LON-CL1, in File Explorer, in the navigation pane, verify that Data is selected. In the details pane,
right-click Sales.txt, click Properties, click the Previous Versions tab, point out that there is one
previous version, explain that it was created when File History ran in the previous demonstration, and
then click OK.
2. Double-click Sales.txt, in Notepad, type Before restore point, close Notepad, and then click Save to
save the changes.
3. Right-click Sales.txt, click Properties, click the Previous Versions tab, point out that there is still
only one previous version, and then click OK.
4. On the taskbar, in the Ask me anything box, type control, and then press Enter.
5. In Control Panel, in the System and Security section, click Backup and Restore (Windows 7).
6. In the Backup and Restore (Windows 7) window, click Set up backup.
7. In the Set up backup window, click Save on a network. In the Network location box, enter \\lon-
dc1\Backup2, in Username, type Adatum\Administrator, in Password, type Pa55w.rd, click OK,
and then click Next.
8. On the What do you want to back up? page, select Let me choose, click Next, clear the Include a
system image of drives: System Reserved, (C:) check box, expand Local Disk (C:), select Data,
point out that the Misc folder is not selected, and then click Next.
9. On the Review your backup settings page, click Save settings and run backup, and wait until
backup finishes.
10. In File Explorer, right-click Sales.txt, click Properties, click the Previous Versions tab, point out that
there are now two previous versions because the second previous version was added when the
backup was created, and then click OK.
11. Right-click Sales.txt, and then click Delete.
12. In the details pane, right-click the empty space, click Properties, click the Previous Versions tab,
click the first Data folder listed under Folder versions, click Restore, and then click OK.
13. In File Explorer, in the details pane, double-click Data, and then point out that the Sales.txt file is
restored.
14. In File Explorer, in the navigation pane, expand Local Disk (C:), and then click Misc.
15. In the details pane, right-click Temp.txt, click Properties, and then click the Previous Versions tab.
Point out that no previous version is available because the backup did not include the folder. Click
OK, close File Explorer, and then close the Backup and Restore (Windows 7) window.
Lesson 3
Recovering Devices
Contents:
Demonstration: Using a Restore Point to Roll Back Device Configuration 15
Demonstration: Using Advanced Start-up Options 16

Question: Which of the following tools cannot preserve user data that is stored on the C drive?
( ) Reset this PC
( ) System Image Recovery
( ) Startup Repair
( ) Diskpart.exe
( ) Go back to the previous build
Answer:
( ) Reset this PC
(√) System Image Recovery
( ) Startup Repair
( ) Diskpart.exe
( ) Go back to the previous build
Feedback: If you use System Image Recovery, it will replace all the data with that of the system
image. You can select the Keep my files option with Reset this PC. Startup Repair does not
modify user data. Using Go to the previous build will also preserve user data. You can use
Diskpart.exe to create a new partition, which does not affect existing user data.
Question: System Image Recovery is the easiest and fastest tool for repairing startup problems in
Windows 10.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: Startup Repair is the easiest and fastest tool for repairing startup problems in
Windows 10.
Question: You can use System Restore even if your Windows 10–based computer has startup problems.
( ) True
( ) False
Answer:
(√) True
( ) False
Feedback: If your computer has startup problems, you can start it from the Windows 10
installation media, select Repair, and then select System Restore.
Overview of Device Recovery Procedures

Question: Can you run the Reset this PC feature from a computer running Windows 10 in the normal
mode?
Answer: No. You can select the Reset this PC option only from the recovery environment. To
start the computer in the recovery environment, you should select the option to change
advanced startup options while Windows 10 is running, or start the computer from Windows 10
installation media and select Recovery.
Question: Why would you use Startup Repair instead of System Image Recovery if the Boot Configuration
Data (BCD) store is corrupted on a Windows 10–based computer?
Answer: If the BCD store is corrupted, Windows 10 will not start. Both Startup Repair and System
Image Recovery can resolve the issue, but Startup Repair is much faster and is a nondestructive
operation.
System Protection and Restore Points

Question: How can you configure Windows 10 to create restore points automatically?
Answer: System Protection creates a scheduled task named SR that can schedule the creation of
restore points automatically. You can add a new trigger to the task and configure the frequency
for creating restore points.
Question: Can you enable System Protection on an ReFS volume?
Answer: No. You can only turn on System Protection on NTFS volumes. You cannot enable it on
FAT or ReFS volumes.
Advanced Startup Options

Question: Can you access startup settings options by pressing F8 during computer startup?
Answer: No. You cannot use keyboard shortcuts during the Windows 10 startup process, and
you cannot access startup settings options by pressing any key during computer startup. You can
access startup options by:
• Changing advanced startup options in Windows 10.
• Pressing the Shift key while selecting the Restart option.
• Restarting the computer by running the shutdown.exe /r /o command.
Question: How can you access the Last Known Good Configuration startup option in Windows 10?
Answer: The Last Known Good Configuration startup option is not available in Windows 10.
Tools Available in Windows RE

Question: Can you use System Image Recovery without any previous preparation?
Answer: No. System Image Recovery restores a system image on your computer. To be able to
use this option, you must first create the system image while Windows 10 is running.
Question: What are the options for the Reset this PC tool?
Answer: If you start the Reset this PC tool, you can first choose between the Keep my files and
Remove everything options. If you select Remove everything, you can further choose between
the Just remove my files and Fully clean the drive options.
Discussion: Recovering Devices

Question: Can you start System Recovery only from Windows 10 running in the normal mode?
Answer: No. You can also start System Recovery from safe mode or from the recovery mode.
Question: When would you use System Image Recovery?
Answer: If your device has failed, you should probably use System Image Recovery as the last
resort. This method requires you to prepare a system image in advance, and it completely
replaces the device data with the content of the system image.
Demonstration: Using a Restore Point to Roll Back Device Configuration

Demonstration Steps
1. In LON-CL1, in File Explorer, in the navigation pane, right-click This PC, click Properties, and then
click System protection.
2. In the System Properties dialog box, in the Protection Settings section, select Local Disk (C:)
(System), click Configure, select Turn on system protection, move the Max Usage slider between
5 GB and 10 GB, and then click OK.
3. In the System Properties dialog box, click Create. In the System Protection dialog box, type Initial
settings, click Create, and then click Close.
4. Right-click the desktop, point to New, click Text Document, type My document as its name, and
then press Enter.
5. Right-click the Start icon, and then click Device Manager.
6. In Device Manager, expand Keyboards, right-click Microsoft Hyper-V Virtual Keyboard, and then
select Update Driver.
7. In the Update Drivers – Microsoft Hyper-V Virtual Keyboard dialog box, click Browse my
computer for driver software. Click Let me pick from a list of available drivers on my computer,
and then clear the Show compatible hardware check box. In the Model section, select Microsoft
Wireless Keyboard 700 v2.0 (106/109), click Next, in the Update Driver Warning box, click Yes,
and then click Close.
8. Point out that in Device Manager, Microsoft Wireless Keyboard 700 v2.0 (106/109) appears with an
exclamation point (!).
9. In the System Properties dialog box, in the System Restore section, click System Restore, and then
click Next.
10. Select the Initial settings restore point, click Next, click Finish, and then click Yes. Wait until LON-
CL1 has restarted and System Restore has restored files and settings.
12. In the System Restore dialog box, click Close. Point out that My document.txt is still on the desktop.
13. Right-click the Start icon, and then click Device Manager.
14. In Device Manager, expand Keyboards, and then verify that Microsoft Hyper-V Virtual Keyboard is
present. Microsoft Wireless Keyboard 700 v2.0 (106/109) was removed, as you added it after creating
the restore point. Close Device Manager.
16. In File Explorer, in the navigation pane, right-click This PC, click Properties, and then click System
protection.
17. In the System Properties dialog box, click System Restore.
18. In the System Restore dialog box, select Choose a different restore point, and then click Next.
19. In the System Restore dialog box, verify that the additional restore point with the description
Restore Operation and the type Undo was created.
20. Click Cancel, click OK in the System Properties dialog box, and then close the System window.
Demonstration: Using Advanced Start-up Options

Demonstration Steps
1. In LON-CL1, on the taskbar, in the Ask me anything box, enter service, and then click Services.
2. In the Services window, click the Status column to sort the services, scroll down, point out that many
(more than 75) services are running, and then close Services.
4. In the Windows PowerShell prompt, type the following command, and then press Enter:
shutdown /r /o
5. In the You’re about to be signed out dialog box, click Close. Wait while LON-CL1 restarts.
6. On the Choose an option page, discuss the available options, and then click Troubleshoot.
7. On the Troubleshoot page, explain the Reset this PC options, and then click Advanced options.
8. On the Advanced options page, discuss available options, click Startup Settings, and then click
Restart.
9. Discuss the available Startup options, and then press 4 to select Enable Safe Mode.
10. When the computer starts, type Pa55w.rd as the password for Adatum\Administrator, and then
press Enter.
11. Point out that the words Safe Mode appear in all four corners of the desktop. Right-click the Start
icon, and then select Device Manager.
12. In Device Manager, right-click Generic PnP Monitor, select Properties, and then point out that the
status of the device is not available when running in safe mode.
13. Click the Driver tab and point out that you can still update drivers or uninstall devices while running
in safe mode. Mention that you can also perform Driver Roll Back, if a previous version of the driver
exists, and then click OK.
14. On the taskbar, enter some text into the Ask me anything box. Explain that indexing is turned off
because you are running in safe mode.
15. Right-click the Start icon and click Computer Management.
16. In Computer Management, in the navigation pane, expand Services and Applications, and then click
Services. In the details pane, click the Status column to sort the services, scroll down, and then point
out that only a few services (less than 30) are running when you are in safe mode, while more than 75
services were running in normal mode.
17. On your host computer, in the 20697-1D-LON-CL1 on localhost – Virtual Machine Connection
dialog box, on the Media menu, point to DVD Drive, and then click Insert Disk.
18. In the Open dialog box, in the File name box, type C:\Program Files\Microsoft Learning\20697-
1\Drives\Win10_1709_Eval.iso, and then click Open. If virtual machines are extracted to a different
drive than C:, use that drive letter instead of C:.
19. In LON-CL1, right-click the Start icon, select Shut down or sign out, and then select Restart.
20. When you see the Press any key to boot from CD or DVD message, press the spacebar, and then
wait while Windows Setup loads.
21. When prompted, in the Windows Setup dialog box, click Next.
22. On the next Windows Setup page, click Repair your computer.
23. On the Choose an option page, explain that you have the same options available, even though this
time you started the computer from DVD media, and then select Troubleshoot.
24. On the Troubleshoot page, click Advanced options.
25. On the Advanced options page, point out that the only option that is missing is Startup Settings,
because you started the recovery environment from DVD media. Click System Restore, and then
click Windows 10.
26. In the System Restore window, click Next. Point out that you can view and use restore points in
System Restore even when you start the computer from the installation media.

Review Questions
Question: The help desk recently installed a new device driver on a computer. A stop code is generated,
and you see a blue screen during computer startup. What recovery mechanism would you try first?
Answer: You could try starting the computer in safe mode and using a driver rollback if the
computer is able to start from the hard drive. Alternatively, you can use Windows 10 media and
Windows RE to apply a System Restore point. You could also use Reset this PC as one of the last
recovery options.
Question: Which Windows 10 features can help end users restore previous versions of their files?
Answer: Windows 10 includes several features that can help end users restore previous versions
of their files. The easiest way is to use the Previous Versions feature, which sources previous
versions from File History and from restore points that Backup and Restore (Windows 7) creates.
Question: Can a nonadministrative user use System Restore from the recovery environment?
Answer: If a user starts the recovery environment from a computer running Windows 10 in the
normal mode by changing the advanced startup options, then the user will need to provide
administrative credentials to run System Restore. However, if the user starts the recovery
environment from the Windows 10 installation media, then he or she can use System Restore
without providing administrative credentials.

Lab: Troubleshooting and recovery

Question: What must you do if you want to use the Previous Versions feature in Windows 10?
Answer: If you want to use the Previous Versions feature in Windows 10, you must configure File
History, Backup and Restore (Windows 7), or both.
Question: In Windows 10, how can you access advanced startup settings, such as safe mode?
Answer: If you want to access advanced startup settings, such as safe mode, you must boot your
Windows 10 device into Windows RE and select Startup Settings.
Question: Where can you access the Refresh your PC option in Windows 10?
Answer: The Refresh your PC option is not available in Windows 10. It was only available in
Windows 8 and Windows 8.1. In Windows 10, Reset this PC integrates the functionality of the
Refresh your PC option.
Maintaining Windows 10 12-1
Module 12
Maintaining Windows 10
Contents:
Lesson 1: Updating Windows 2
Lesson 2: Monitoring Windows 10 6
Lesson 3: Optimizing Performance 9

Lesson 1
Updating Windows
Contents:
Resources 3
Demonstration: Configuring Windows Update 3

Question: Aside from using WSUS to apply updates, what other technologies could you use to help keep
your Windows 10 devices up to date? (Choose all that apply)
( ) Microsoft Intune
( ) Microsoft System Center 2012 R2 Configuration Manager
( ) Windows Update for Business
Answer:
(√) Microsoft Intune
(√) Microsoft System Center 2012 R2 Configuration Manager
(√) Windows Update for Business
Feedback: You can use all three of these Microsoft technologies to keep your Windows 10
devices up to date.
Question: You can use Windows Update for Business to update all editions of Windows 10.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: Windows Update for Business is for Windows 10 Pro, Windows 10 Education, and
Windows 10 Enterprise editions. Windows Update for Business does not support Windows 10
Home.
Resources
Windows 10 Servicing Options
Additional Reading: For more information, refer to “Update Windows 10 in the enterprise”
at: https://aka.ms/Db9fv5.
Demonstration: Configuring Windows Update

Demonstration Steps
Configure Windows Update manually
Enter:
Set-Service wuauserv -Startuptype Manual
Note: In the lab setup, the Windows Update service is disabled. The above command is not
necessary to run on a normal Windows 10 device.
4. Click Start and then click the Settings icon.
5. In Settings, click Update & Security.
6. On the Windows Update tab, click Advanced options.
7. On the Advanced options page, ensure that the Give me updates for other Microsoft products
when I update Windows check box is cleared.
8. Click Back.
9. Click Change active hours.
10. In the End time drop-down list, click 8 00 PM and then click the check mark.
11. Click Save.
Configure Windows Update by using GPOs

1. In the Ask me anything box, type gpedit.msc, and then click gpedit.msc in the list of returned
items.
2. In Local Group Policy Editor, navigate to Computer Configuration/Administrative

Templates/Windows Components/Data Collection and Preview Builds.
3. In the right pane, double-click Toggle user control over Insider builds.
4. In the Toggle user control over Insider builds dialog box, click Disabled, and then click OK.
5. In Local Group Policy Editor, navigate to Computer Configuration/Administrative

Templates/Windows Components/Windows Update/ Windows Update for Business.
6. In the right pane, double-click Select when Preview Builds and Feature Updates are received.
7. In the Select when Preview Builds and Feature Updates are received dialog box, click Enabled. In
the Select the Windows readiness level for the updates you want to receive drop-down list,
select Semi-Annual Channel (Targeted). In the After a Preview Build or Feature Update is
released, defer receiving it for this many days text box, type 90, and then click OK.
8. In the navigation pane, click Windows Update.
9. In the right pane, double-click Turn off auto-restart for updates during active hours.
10. In the Turn off auto-restart for updates during active hours dialog box, click Enabled, and then
click OK.
11. In the right pane, double-click Do not include drivers with Windows Updates.
12. In the Do not include drivers with Windows Updates dialog box, click Enabled, and then click OK.
Enter:
gpupdate /force
15. Restart LON-CL1.
16. Sign in as Adatum\Administrator with the password Pa55w.rd.
17. Click Start, and then click the Settings icon.
18. In Settings, click Update & Security.
19. Notice that Change active hours no longer displays.

20. On the Windows Update tab, click Advanced options.
21. Notice that in the Choose when updates are installed section, several options are greyed out.
22. Close all open apps and windows.

Lesson 2
Monitoring Windows 10
Contents:
Demonstration: Monitoring Windows with Event Viewer 7

Question: To establish event subscriptions, at the collector computer, you must run the winrm
quickconfig command to configure firewall rules.
( ) True
( ) False
Answer:
( ) True
(√) False
Feedback: You must run the winrm quickconfig command to configure firewall rules on the
source computer.
Demonstration: Monitoring Windows with Event Viewer

Demonstration Steps
Explore custom views
1. On LON-CL1, right-click Start, and then select Event Viewer.
2. In the navigation pane, expand Custom Views, and then click Administrative Events.
Create a custom view

1. In the navigation pane, right-click Custom Views, and then click Create Custom View.
2. In the Create Custom View dialog box, select the Critical, Warning, and Error check boxes.
3. In the Event logs list, expand Windows Logs, and then select the System and Application check
boxes. Click in the Create Custom View dialog box, and then click OK.
4. In the Save Filter to Custom View dialog box, in the Name box, type Adatum Custom View, and
then click OK.
5. In Event Viewer, in the right pane, view the events that are visible within your custom view.
Configure the source computer

1. Switch to LON-DC1.
3. At the command prompt, type the following command, and then press Enter:
winrm quickconfig
Note: The service is running already.
4. In Server Manager, click Tools, and then click Active Directory Users and Computers.
5. In Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then
click Builtin.
6. In the results pane, double-click Administrators.
7. In the Administrators Properties dialog box, click the Members tab.

8. Click Add, and then in the Select Users, Contacts, Computers, Service Accounts, or Groups dialog
box, click Object Types.
9. In the Object Types dialog box, select the Computers check box, and then click OK.
10. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select (examples) box, type LON-CL1, and then click OK.
11. In the Administrators Properties dialog box, click OK.
Configure the collector computer

3. At the Windows PowerShell prompt, type the following command, and then press Enter:
Wecutil qc
4. When prompted, type Y, and then press Enter.
Create and view the subscribed log

1. In Event Viewer, in the navigation pane, click Subscriptions.
2. Right-click Subscriptions, and then click Create Subscription.
3. In the Subscription Properties dialog box, in the Subscription name box, type LON-DC1 Events.
4. Ensure that Collector Initiated is selected, and then click Select Computers.
5. In the Computers dialog box, click Add Domain Computers.
6. In the Select Computer dialog box, in the Enter the object name to select (examples) box, type
LON-DC1, and then click OK.
7. In the Computers dialog box, click OK.
8. In the Subscription Properties – LON-DC1 Events dialog box, click Select Events.
9. In the Query Filter dialog box, select the Critical, Warning, Information, Verbose, and Error check
boxes.
10. In the Logged list, click Last 30 days.
11. In the Event logs list, select Windows Logs. Click in the Query Filter dialog box, and then click OK.
12. In the Subscription Properties – LON-DC1 Events dialog box, click OK.
13. In Event Viewer, in the navigation pane, expand Windows Logs.
14. Click Forwarded Events.
15. Examine any listed events.
16. Close all apps and open windows.

Lesson 3
Optimizing Performance
Contents:
Demonstration: Monitoring Performance 10

Question: When monitoring Windows 10–based computers to optimize their performance, which key
system components should you monitor? (Choose all that apply)
( ) Processor
( ) System
( ) Disk
( ) Memory
( ) Network
Answer:
(√) Processor
( ) System
(√) Disk
(√) Memory
(√) Network
Feedback: The system is not a key resource component, but it is a Performance Monitor object.
Demonstration: Monitoring Performance

Demonstration Steps
Open Performance Monitor
1. On LON-CL1, in the Ask me anything text box, type perfmon, and then in the list, select
Performance Monitor.
2. In the Performance Monitor window, click the Performance Monitor node. Notice that only %
Processor Time is displayed by default.
Add new values to the chart

1. On the toolbar, click the plus (+) symbol to add an additional counter.
2. In the Available counters area, expand PhysicalDisk, and then click % Idle Time.
3. In the Instances of selected object box, click 0 C:, click Add, and then click OK.
4. Right-click % Idle Time, and then click Properties.
5. In the Color box, click green, and then click OK.
Create a Data Collector Set

1. In the left pane, expand Data Collector Sets, and then click User Defined.
2. Right-click User Defined, point to New, and then click Data Collector Set.
3. In the Name box, type CPU and Disk Activity, and then click Next.
4. In the Template Data Collector Set box, click Basic, and then click Next. We recommend that you
use a template.
5. Click Next to accept the default storage location for the data.
6. Click Open properties for this data collector set, and then click Finish.
7. In the CPU and Disk Activity Properties dialog box, on the General tab, you can configure general
information about the data collector set and the credentials that the data collector set uses when it is
running.
8. Click the Directory tab. This tab lets you define information about how to store collected data.
9. Click the Security tab. This tab lets you configure which users can change this data collector set.
10. Click the Schedule tab. This tab lets you define when the data collector set is active and collecting
data.
11. Click the Stop Condition tab. This tab lets you define when to stop data collection, based on time or
collected data.
12. Click the Task tab. This tab lets you run a scheduled task when the data collector set stops. You can
use this to process the collected data.
13. Click Cancel. Notice that there are three kinds of logs in the right pane:
o Performance Counter collects data that you can view in Performance Monitor.
o Configuration records changes to registry keys.
o Kernel Trace collects detailed information about system events and activities.
14. In the right pane, double-click Performance Counter. Notice that all Processor counters are
collected, by default.
15. Click Add.
16. In the Available counters area, click PhysicalDisk, click Add, and then click OK. All the counters for
the PhysicalDisk object are now added. Click OK.
17. In the left pane, right-click CPU and Disk Activity, and then click Start.
Examine a Report
1. Wait one minute for the data collector set to stop automatically.
2. Right-click CPU and Disk Activity, and then click Latest Report.
3. Review the report, which shows the data that the data collector set collects.
4. Close Performance Monitor.


Review Questions
Question: What is the benefit of configuring Windows Update by using Group Policy rather than by using
Settings?
Answer: By using Group Policy, you can apply configuration settings to multiple computers by
performing a single action. It also prevents users from overriding the settings.
Question: What significant counters should you monitor in Performance Monitor?
Answer: You should monitor the following counters:
• Processor > % Processor Time
• System > Processor Queue Length
• Memory > Pages/sec
• Physical Disk > % Disk Time
• Physical Disk > Avg. Disk Queue Length
Question: If you have problems with your computer’s performance, how can you create a data collector
set to analyze a performance problem?
Answer: You can create a data collector set manually, from counters in the Performance Monitor
display, or by using a template.

Lab: Maintaining Windows 10

Question: In the lab, you collected performance data for specific system objects. Which object(s) and
counter(s) in Performance Monitor indicate how busy the computer’s CPU is?
Answer: The Processor\% Processor Time counter and the System\Processor Queue Length
counter together provide the best indication of how busy or overloaded the computer’s CPU is.

Companion Notes

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Companion Notes

Загружено:

Авторское право:

Доступные форматы

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

© 2018 Microsoft Corporation. All rights reserved.

Product Number: 20697-1D

a. If you are a Microsoft IT Academy Program Member:

b. If you are a Microsoft Learning Competency Member:

d. If you are an End User:

e. If you are a Trainer.

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

11. APPLICABLE LAW.

This limitation applies to

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

Revised July 2013

Lesson 2: Navigating the Windows 10 user interface 4

Module Review and Takeaways 7

Lab Review Questions and Answers 8

Question and Answers

( ) Windows 10 is easy to use.

( ) Windows 10 is provided with continuous updates.

( ) Microsoft provides Windows 10 as a free upgrade for Windows 7 Enterprise users.

( ) Windows 10 provides improved device management.

(√) Windows 10 is easy to use.

(√) Windows 10 is provided with continuous updates.

( ) Microsoft provides Windows 10 as a free upgrade for Windows 7 Enterprise users.

(√) Windows 10 provides improved device management.

Discussion: Is your organization ready for Windows 10?

Discussion: Will your organization embrace the BYOD philosophy?

What’s new in Windows 10 Fall Creators Update?

Additional Reading: For more information, refer to:

Question and Answers

Demonstration: Navigating the Windows 10 user interface

2. Click Other user.

3. In the User name box, type Beth.

4. In the Password box, type Pa55w.rd, and then press Enter.

Open action center

2. Click Tablet mode.

3. Click Start to close action center.

View installed apps

2. In the All apps list, click Calculator.

4. Click All apps, and then click Alarms & Clock.

Switch between running apps

2. Click Action Center.

3. Click Tablet mode.

4. In Alarms & Clock, click Restore Down.

6. Click Calculator. Both apps should display, side by side.

Add a new desktop

2. On the right side of the display, click New desktop.

4. Click Start, scroll down, and then click Word 2016.

Demonstration: Customizing the Windows 10 Start screen

2. Click Other user.

3. In the User name box, type Beth.

4. In the Password box, type Pa55w.rd, and then press Enter.

2. Right-click PowerPoint 2016, and then click Pin to Start.

3. Right-click Excel 2016, and then click Pin to Start.

4. Right-click Camera, and then click Pin to Start.

5. Click the space immediately above the four tiles.

7. Right-click Camera, and then click Unpin from Start.

Configure the taskbar

Module Review and Takeaways

Question: What is the purpose of Client Hyper-V in Windows 10?

Lab Review Questions and Answers

Question and Answers

Lesson 2: Upgrading to Windows 10 6

Module Review and Takeaways 8

Lab Review Questions and Answers 9